The European Commission estimates at least 80% of businesses have experienced a cybersecurity incident in the last year. In 2018, FERMA has published three reports to support risk professionals and insurance buyers in dealing with cyber threats and understand risk transfer options:  Preparing for Cyber Insurance, a practical guide; a new edition of the Cyber Governance Report and a report containing presentations and interviews from the 2018 FERMA Seminar.

Practical guide to help prepare for Cyber Insurance

Along with Bipar, the European intermediaries’ organisation, and Insurance Europe, and in association with Aon and Marsh, FERMA published ‘Preparing for Cyber Insurance’ report  in October. The document was prepared by a joint expert group composed of representatives from the insurance and business sectors. It is the first of its kind to include information from all three organisations involved in the process, namely, the buyers, the insurers and the brokers.

This guide “Preparing for Cyber Insurance” aims to assist insurance purchasers in their analysis and comparison of various insurance offerings while providing insurers with the tools to increase the clarity of their offer.

FERMA believes an increased level of dialogue and information exchange is preferable to regulatory intervention. The report aims to enable this and will support development of the market.

Cyber Governance Report

FERMA has updated its report At the Junction of Corporate Governance & Cybersecurity, published in conjunction with the European Confederation of Institutes of Internal Auditing (ECIIA). This new edition includes a case study from Julie Cain of the Education Testing Service (ETS). Julie outlines how she implemented the recommendations of the report and describes the beneficial impact it has had upon the ETS.

The report was initially released in 2017 and addresses the piecemeal approach that many companies deploy to manage their cybersecurity. The report advocates the creation of a cyber governance framework to improve coordination and cooperation to improve the overall cybersecurity posture of organisations.

Seminar Cyber Report

Following the October 2018 FERMA Seminar in Antwerp, FERMA published a report on cyber risks, the topic of day 2 at the event, featuring the presentations, key learning and background interviews. The 37-page document has been sent to all Seminar attendees as part of FERMA’s objective to emphasise the long-term educational value of the event. The document will be available to all on the FERMA website.

Contribution to international indicators measuring cyber risks

FERMA has been strengthening its working relationship with OECD on cyber risks. We collaborated with OECD to produce a joint pilot survey including 13 of FERMA’s national member associations with the aim of establishing international statistical indicators to measure digital risk management in businesses.

Preliminary results revealed that in 82% of the responses, enterprise-wide digital security is the responsibility of the chief information officer, IT manager or chief information security officer. However, in 5% of the cases, the risk manager is in charge digital security risks. More than 20% of risk managers assess dependencies as part of the digital risk profile of the enterprise, more than 15% deal with incident probability and more than 30% deal with the consequences of cyber events.  The full report is expected to be published in Q1 next year.

Plan for EU-wide certification for internet-connected products and IT solutions

The new EU Cyber Security Certification Framework, expected to go into effect early in 2019, is a contribution toward European cyber resilience, but organisations must not let down their guard says Head of Insurance Risk Management, Airbus Defence and Space and FERMA board member Philippe Cotelle. “The Cyber Security Certification Framework is a step to ensure Europe develops its cyber resilience. However, businesses must keep strengthening their cyber defences. Cyber security is a dynamic and constantly evolving process”

FERMA has been following closely the Cyber Security Certification Framework proposed by the European Commission to create a common information and communications technology (ICT) product security certification scheme to support the recognition of product trustworthiness across EU member states.

Following a series of trialogues, political agreement on the regulation was reached on Monday 10 December. The next steps will be for the regulation to receive formal approval in the European Parliament and the European Council before it is published in the EU Official Journal before entering force immediately.

AI ethical guidelines expected in February

Ethical guidelines on artificial intelligence (AI) under development by the European Commission’s High-Level Expert Group on Artificial Intelligence headed by ex-Nokia President, Pekka Ala-Pietilä, are scheduled for publication in February 2019.

FERMA has been advocating for ethical rules for all actors of the value chain as increased use of data associated with AI could create concerns among stakeholders along with risks to reputation. In addition, FERMA believes clear lines must be drawn between the opportunities of AI and the risks posed to insurability due to potential over-reliance on AI during decision making processes.

FERMA is a member of the European AI Alliance, a forum created by the European Commission to encourage broad and open discussion on AI which is contributing to the discussion.