“Businesses have difficulties with reaching a basic level of protection often due to a lack of risk insights and data driven risk mitigation.”
This is FERMA’s response to the Commission’s consultation on public-private partnerships in cyber security, part of the Commission's Digital Single Market Strategy.
While FERMA believes that cyber security products and services in the EU are of a good standard, it also states that many businesses underestimate the impact of cyber attacks, resulting in IT security budgets that are not in line with the magnitude of the risk.
FERMA President Jo Willaert commented: “The boards of organisations need to understand that cyber risk is not only an IT risk; it is an enterprise risk. In that respect, we advocate a central role for the risk management function. Without being an IT specialist, the risk manager provides expert advice to support the board and the CEO. He or she is working hand in hand with the operational units such as IT, legal and internal audit.”
FERMA also argues that public intervention is necessary in order to help organisations cope with the challenge of cyber risks. It urges the development of:
- A framework for the clarification of cross-border liabilities in cyber incidents.
- A global set of rules for cyber risk assessment that would safeguard confidentiality in incident disclosure and insurance claims.
- The incorporation of cyber risk governance in legislation and guidance to create an integrated approach to the threats from the top to the bottom of the organisation.
Another key point of FERMA’s response is the value of insurance as part of the cyber security solution, as well as the need to address the key issues to unlock the development of the cyber insurance market, which has been slower than expected.
Jo Willaert said: “Cyber threats are now of a systemic nature. Businesses, governments and insurers, therefore, need to collaborate. We must act now.”
Download the FERMA response to the 2016 cyber security consultation
Sources: www.ferma.eu - www.commercialriskeurope.com