FERMA calls on ENISA to integrate client dimension in cyber insurance language harmonisation
Written by staff reporter
FERMA has welcomed the publication of a report from the European Union Agency for Network and Information Security (ENISA) on the commonality of risk assessment language in cyber insurance, but says that for a full picture the perspective of the insured must also be considered.
The European risk management association shares ENISA’s concerns about the lack of language harmonisation when it comes to the insurance of cyber risks and welcomes many of the report’s recommendations, but argues that the process needs to begin with a risk assessment within the organisation. This aspect is not covered in the report, which is based on evidence from the insurance industry only.
Philippe Cotelle, FERMA board member and head of Insurance Risk Management, Airbus Defence and Space, said: “Before any decision to purchase cyber insurance, a risk assessment should first of all be performed on the customer’s side. It all starts from the situation faced by the clients. They need to define the exposure faced by their organisation to cyber risk. The risk assessment language, therefore, should be defined at the intersection of clients, brokers and insurance.”
There is currently a gap between the demand and the offer for cyber risk insurance which remains one of the major obstacles to the development of mature market. Closing this gap requires better cyber risk financial quantification. FERMA believes that brokers and insurers cannot alone assess the financial exposure of their clients.
FERMA is pleased with clarification so far in the report over cyber claims management. The acknowledgement that “claims triggers should be part of language harmonisation” and the recommendation to “develop specific use cases and examples of claims triggers for different types of coverage” are going in the right direction to increase the maturity of the cyber insurance market in Europe.
Says Cotelle: “This is in fully line with our conviction that the European cyber insurance market will develop even further if clients know with better accuracy when and how their cyber insurance policy will be activated and therefore claims being paid.”
FERMA is pressing ENISA to consider the three following areas of improvement for the cyber insurance market:
-inclusion of the risk assessment process;
-the exchange of information between insurers and insureds;
-the comparison of cyber insurance offers by the insureds.