Meeting the Cyber Risk Challenge

The second research in the series on Leadership in Risk Managemenent can be seen here

The third and last research on Environmental Risk Management can be seen here

Meeting the Cyber Risk Challenge – Final Report AVAILABLE NOW

The study says that given both the incidence of attacks and the severity of penalties for data breaches, companies need to take an enterprise risk management (ERM) to deal with cyber risks. Implementation should range from incorporating cyber security as part of a board-level corporate strategy to IT-oriented tactics that permeate the organisation. “ERM should involve every department, stakeholder and partner that owns information assets,” the report advises.

These include:

  • human resources (employee data, including salary, health and performance) finance (accounts)
  • marketing (product information and plans)
  • legal (contracts)
  • compliance and audit teams
  • third-party channel partners (trade secrets)

The study found that many companies still do not devote sufficient strategic attention to cyber risks, despite an increase in frequency, and severity of the threats and harsher regulatory penalties for compliance and loss of sensitive data. It concludes: “They must improve their institutional preparedness to combat cyber threats and losses, which are inadequately covered by traditional liability insurance.”

Download the report here in PDF version

The results from the survey can be dowloaded here

Cyber Risk Webinar – Replay Video

It’s not too late to listen to FERMA board member Julia Graham and other industry experts in the webinar on the cyber risk challenge. To do so, please click on the link below:

Cyber Risk Webinar

This webinar was presented by the Harvard Business Review and supported by Zurich Insurance Company.

The presentation can be downloaded in PDF format

The Executive Summary, which captures the key insights from the event, can be downloaded here.

Cyber Risk Webinar – 27 November

Over the next two years cyber threats are predicted to become one of the primary risks to businesses like yours. With new European Union (EU) cyber-security legislation being enforced from 2014, where do you stand, what security and privacy risks are you already exposed to, and how can you protect your business?

Join a panel of industry experts for the ‘Meeting the cyber risk challenge’ webinar hosted by Zurich, the Federation of European Risk Managers (FERMA), and the Harvard Business Review. Key issues covered include:

  • Some IT measures you may need to implement to successfully combat security and privacy risks
  • What the 2014 EU cyber-security legislation may mean for your business and how you should be preparing for it
  • Today’s insurance market and the current and future challenges
  • Risk mitigation strategies, and what risks are and aren’t insurable

We will also be exclusively presenting the key findings from our pan-European Security & Privacy Survey.

After the webinar on 27th November it can be viewed on demand, through the FERMA website

Webinar Overview

Information security and privacy have become significant areas of concern over the past three years for global executives, who are all too aware that the security and integrity of customer, client and internal data are vulnerable to attack.

Commitment to security awareness, initiatives, and processes is rapidly becoming an important part of the corporate culture at the vast majority of companies, because leaders know that cyber security is fundamental to how they conduct business and manage their business relationships. Yet in a recent survey of risk managers in Europe, many companies believe they still face significant challenges.

What is the best organizational structure to ensure that security and privacy risks are identified and addressed? What is the emerging role of the board in oversight of risk? How are companies ensuring that every employee is committed to security practices? What legislation and regulatory measures are being proposed to help combat cyber-attacks internationally?

Focusing on the best practices in information security and privacy programs, join our panel of experts for this interactive discussion hosted by HBR in association with Zurich and FERMA.

About the Panelists

Mark FishleighMark Fishleigh – Director, Detica

Mark Fishleigh is a Director within Detica’s financial services practice. Detica develops, integrates and manages information intelligence solutions to help clients deliver effective and secure services. Mark has worked in IT-enabled services industries for seventeen years. He has worked with clients in the Financial Services industry for most of this time. Mark has extensive experience of helping clients deal with complex operational problems, including through transformational change programs and outsourcing.

Jérôme GosséJérôme Gossé – Financial Lines Underwriter, Zurich Global Corporate France

Jérôme is a Professional Indemnity Underwriter within the Financial Lines department. He is involved in the team in charge of developing the Zurich Security & Privacy insurance solution in Europe. Previously, Jérôme was a Client Advisor within the Marsh FINPRO department and was also the Communication, Media and Technology Practice Leader in France. Jérôme has 8 years experience within legal departments of major commercial and brokerage companies,including Marsh Toronto.

Julia GrahamJulia Graham – Chief Risk Officer, DLA Piper International LLP

Julia Graham has worked in the world of risk management for over 30 years. She is the Chief Risk Officer for DLA Piper the largest legal services organization in the world. Previously Julia was head of Global Group Risk Management at the insurance company RSA where she had a background in general management and risk management, as the company’s first Group Risk Manager. Julia is a past Chairman of AIRMIC, the UK association of insurance and risk managers and Chairman of the Risk Panel of the Managing Partners’ Forum whose membership specifically focuses on professional services organizations.

She was Chairman of the British Standards Institution (BSi) committee which published the first British standard for Risk Management BS31100 and a member of the British Standards committee which developed the British Standard for business continuity management BS25999. Julia is a Fellow of the Chartered Insurance Institute, a Chartered Insurer, and Fellow of the Business Continuity Institute.

Andrew HorrockAndrew Horrock – Partner, Clyde & Co

Andrew Horrocks is a partner in the Professional and Commercial Disputes team at Clyde & Co with wide insurance, cyber and IT-related claims experience. Andrew has done numerous IT and cyber related claims including cases about software development and licensing, IT procurement, consultancy, outsourcing and data breaches. He advises on liability, insurance, coverage and legal 

risk management issues related to technology and e-commerce risks, and also handles claims and contentious issues relating to intellectual property, websites, data protection and e-mail use. He is vice chairman of the IUA Digital Risk Working Party on which he is the only lawyer. Andrew is a member of the Society for Computers and Law and the British Insurance Law Association, and serves as an Honorary Legal Adviser to the CAB.

FERMA   Zurich   Harvard Business Review