A new joint working group between FERMA and the European Confederation of Institutes of Internal Auditing (ECIIA) will begin work in early 2017 to help companies develop cyber risk governance. This follows a call for experts from among FERMA’s members to participate.


Currently, a lack of focus on the risk governance aspect of cyber security in EU laws leaves companies free to organise their risk management. This also means that companies need to devise the functions and methods by which they are going to do this internally.

The working group will propose new methodologies that companies can use. It will assess the requirements for cyber risk governance in light of the two latest EU laws, the NIS Directive and Data Protection Regulation, and focus on essential service industries. It plans to produce a report with group conclusions and recommendations in mid-2017.

FERMA is also contributing to work identified by the OECD on a methodology with tools and indicators to measure the effectiveness of digital risk management in businesses. Quantitative rankings for organisational cyber security will be valuable for regulators, investors and business partners, among others.

For more information, contact Julien Bedhouche at the FERMA office: