Monday 11 October: What happened?

Watch below short video of our highlights:

Monday morning: European Commission Vice President Maroš Šefčovič Interview & ”Collaborate for resilience” panel

Maroš Šefčovič said: “We need to improve situational awareness – ability to peep over the horizon and get information in real time,” He welcomed regular contact with FERMA and risk managers to help improve hazard scanning, better anticipation.

He also said that the pandemic had made the EU look at imports. It found heavy dependence on suppliers from outside, especially China. Europe needs to be more self-sufficient; it gives freedom to act. The switch to digitalisation leads to concerns about new materials, much of which comes from China.

Much of the material that goes into technology of the future, super computers, drones , energy based, depends on China for raw materials, so this is a factor in digitalisation.

The European strategy is four years old and didn’t even mention lithium.

Watch below the full replay of Monday morning:

Sandra Gobert said that boards had not been prepared for the pandemic. “Are we prepared for the next event? We have to have plans but know also that the next crisis will probably be very different from our expectations.”

Nice comment from Stephane Lenco: cyber risk management is a “team sport.” When before “it was about one person that you didn’t understand.”

John Bendemacher made the point about needing to including out-sourced services into consideration.

Monday afternoon: face to face interview with Minister Koritnik, from Slovenian Presidency of the Council of the European Union and ”What’s on the European Agenda for a digital and green recovery?” panel

Boštijan Koritnik said cyber security was one of a key element of digital Europe which in turn made it more complex. There was a need for focussed investment in solutions. As part of this process, we need to increase the strength and active engagement with partners including the private sector. “The private sector is vital to building trust and increasing cyber resilience.”

Philippe Cotelle expressed concern about EU sovereignty in terms of cyber security processes: identify, evaluation, mitigate and risk transfer. Identification and evaluation ratings tended to be done by US based companies which did not relate well to the European methods. (John B also made the point elsewhere about the US compliance culture versus a European risk culture.)

In terms of mitigation, the US was defining the approved level of mitigation and it was being imposed on suppliers. If you want to deal with the US, you had to comply.

In terms of risk transfer, 80% of the cyber insurance market is US based. This means decisions in the US are determining cyber coverage in Europe.

He also pointed out there is very little consistent, official information available on cyber attacks. “What is the economic impact? No body knows? How many companies suffer attacks? No body knows.” There were only surveys and studies based on limited samples.

This puts the corporate buyer of cyber insurance at a disadvantage that the Lucy project intends to redress.

From a regulatory perspective, Fausto Parente also noted the accumulation issue especially in relation to non-affirmative cyber and EIOPA is introducing cyber into stress testing for insurers. EIOPA is collecting data on cyber incidents which he said was key step needed to allow standardisation.

These aggregation fears are affecting the availability of cyber and explain why insurers are reluctant to write first and third party risks in the same policy even though it makes sense to the buyer, according to Paul Knowles’s.

Heidi Hautala: “We are surrounded by a huge and growing number of autocratic leaders who are not afraid to use digital technology in their own murky interests.”

Watch below the full replay of Monday afternoon: