14/09/2018

Applying Lessons Learned - a Q&A with Tobias Bunz

Tobias

As summer starts to draw to an end and we edge ever closer to this year’s FERMA Seminar, we sat down with E.ON and ‘Applying Lessons Learned’ workshop moderator, Tobias Bunz. Here, Tobias reflects on the lessons learned from the large-scale cyberattacks on Maersk and Telefonica in 2017 and reveals the insight attendees can expect to gain at this year’s conference, including the benefits of FERMA’s 2017 cyber governance report.

You have been one of the contributors to the FERMA working group on cyber insurance. Can you explain more about the working group’s research and the Applying Lessons Learned workshop you will be moderating at FERMA Seminar?

The working group had two different objectives; on the one hand, we try to help middle markets to get better prepared for the cyber underwriting process in the future.  And on the other hand, we strive to develop criteria for an organisation to effectively benchmark the insurance offered.

The working group was composed of representatives of brokers, insurers, insurance and broker organisations, and representatives from multi-national companies. The challenge was to find and develop principles which are applicable for all insurance markets in Europe because the participants of the group did not necessarily reflect the whole of Europe. However, as the biggest cyber insurance nations were represented, I think that we have at least a good picture – especially as we profited from the insight of one broker representative whose role is Cyber Insurance Coordinator on a European level.

The middle market at the end shall also be supported to perform the full cyber risk assessment process that was described in the 2017 FERMA cyber risk governance report. The task we did within the working group connects well to the 2017 project and report, and let me emphasise that we do not want to provide a criteria ranking for the insurance industry, obligating anyone to insure the client to certain conditions. We would rather like to propose criteria and better insight. The decision at the end of the underwriting process will be a commercial one.

As far as the workshop at FERMA Seminar in Antwerp is concerned, we have the knowledge of risk managers from Maersk and Telefonica on board, who will share their experience and lessons learned of the large-scale cyberattacks on their companies in 2017.  Afterwards, we would like to have a roundtable discussion with five groups, each focusing on one key element of a cyberattack. One question and idea will then be prepared per group to be discussed, to end the session by landing on recommendations and lessons learned as far as each topic is concerned.

How challenging is the underwriting process for cyber insurance for a company today?

I would say very challenging for the following reasons:

First of all, we have to be aware that insurers assess the cyber risks of the insured carefully. However, there is no standardised underwriting process within Europe. As such, there are no standard rules for calculating the premium and there are only rough indicators such as those which are written by national authorities. So, insurers usually rely on underwriting questionnaires to get an overview of the IT profile of the company and its cyber risk management readiness. In addition to that, the dialogue on cyber insurance remains based on a high level of trust and good faith, so that personal relationships also play an important role.

Although there are different standards within Europe, we have the need for standardized objectives and criteria on the one hand, and on the other hand, we have to find a way to deal with the influence of subjectivity.

What can attendees to the workshop expect to gain from attending?

There’s a lot to gain from attending our workshop at FERMA Seminar! At a high level, attendees can expect to hear a wealth of research and experience-based advice on some key elements of a cyber-attack. You will also gain an overview and vision of the future and how to deal with cyber incidents not only on an insurance level.

Interested in hearing more from Tobias Bunz? Sign up for FERMA Seminar today to attend his workshop and discover what else our action-packed two-day programme has to offer.

Seminar attendees will also gain exclusive access to Tobias’ full interview featuring his insights on three more questions plus his views live at the Seminar in our round-up FERMA report.

 

Cyber