potential use of nis platform guidance for cyber-insurance purposes
DESCRIPTION
Launched in February 2013 by the Cybersecurity Strategy of the European Union, the public-private platform on NIS (Network & Information Security) held its first meeting in June 2013 and is looking to develop secure and effective ICT (Information & Communication Technology) risk management practices. The final result is a Guidance that was presented at the 3rd NIS Platform Plenary meeting of 30 April 2014 in Brussels and FERMA has been asked to give an 'outsiders' view on the NIS Platform guidance and whether it could be of use when assessing the maturity of organisations for cyber-security insurance coverage purposes. Among others, this presentation tries to answer the following questions: - How to assess the maturity of an organisation in terms of risk management and preparedness (gap analysis) . -Are there any incentives that could lead to lower risk premiums for organisations that adhere to the best practices? - What kinds of risks are currently covered by cybersecurity insurance policies, first party, third party, personal data loss, business data loss, losses due to interruption of business?TRANSCRIPT
2014 FERMA
Potential use of NIS Platform Guidance for cyber-insurance purposes
3rd NIS Network & Information Security Platform Plenary meetingBrussels, 30 April 2014
Julien Bedhouche FERMA European Affairs Adviser
2014 FERMA 2014 FERMA
BACKGROUND
2014 FERMA 2014 FERMA
FERMA Presence22 member associations in 20 countries
4336 individual members who are responsible for risk management and / or insurance in their organisations
2014 FERMA 2014 FERMA
Purpose
2014 FERMA
Cyber is still an emerging risk• The Global Risks Report from the World Economic
Forum 2014 identified Digital Disintegration as one of three key areas of global risk
• While the Internet is designed for resilience, it has little inherent security and so “attackers” have still the advantage over “defenders
• Organizations need to respond through strategic planning, and review their resilience framework
• But organizations cannot solve these problems on their own and there is a need for more joint working at a global, regional and local level
• There is a need for more long term thinking
2014 FERMA 2014 FERMA
Cybersecurity and Risk Managers
2014 FERMA 2014 FERMA
The NISP Guidance Documents
2014 FERMA 2014 FERMA
Kite marks and standards
2014 FERMA 2014 FERMA
Current situations for companies
2014 FERMA 2014 FERMA
The world continues to learn
2014 FERMA 2014 FERMA
Cyber insurance
2014 FERMA
Cyber insurance in the NISP documents (p.3, 4 & 28)
2014 FERMA 2014 FERMA
Shortcoming for Critical National Infrastructures
2014 FERMA 2014 FERMA
Insurers becoming more cyber-savvy
2014 FERMA 2014 FERMA
CONCLUSIONS 1/2
2014 FERMA 2014 FERMA
CONCLUSIONS 2/2
2014 FERMA 2014 FERMA
Legal Notice2014 FERMA. All rights reserved. You are not permitted to create any modifications or derivatives of this presentation or to use it for commercial or other public purposes without the prior written permission of FERMA.
Although all the information used was taken from reliable sources, FERMA does not accept any responsibility for the accuracy or comprehensiveness of the details given.
All liability for the accuracy and completeness thereof or for any damage resulting from the use of the information contained in this presentation is expressly excluded.
Under no circumstances shall FERMA be liable for any financial and/or consequential loss relating to this presentation.