You cannot put all your money into cyber risk prevention but must invest in resilience, Augusto Perez Arbizu, Director of Corporate Risk and Insurance, Telefonica, and President of IGREA, told the OECD-Marsh conference on cyber insurance taking place yesterday and today in Paris.
The Risk Manager must be responsible, as for other risks, for the quantification aspect of cyber security. It is a necessary step towards understanding and managing the exposure of the company. He/she should act as a facilitator between the Board and the operational departments (IT, Finance, Legal and other functions).
Philippe Cotelle, Head of Insurance Risk Management at Airbus Defence and Space, describes the development of a response methodology to create resilience against cyber risks.
There are three main obstacles to a good understanding of cyber risk
The following speech was delivered at a conference on cyber risks at the European Parliament on 23 February 2016.
Cyber security requires an enterprise-wide approach, and the risk manager’s role is to help the company achieve effective, data-based enterprise risk management, the Federation of European Risk Management Associations (FERMA) has told the European Commission.
The good management of data is now an essential part of the business model of many organisations. But with new dependencies linked to the increased use of external hosting, collection, treatment and transfer of data, it is also posing heavy legal, IT and strategic challenges.
French and British initiatives are taking the role of insurance for cyber risks into account in their national strategy for cybersecurity.