12/12/2016

US and EU boards and cyber risk governance

Economic growth is going to come from the digital economy. Digital risks have to be considered at board level because they can affect the value of the company. In this digital world, therefore, high-quality risk management will contribute to the value of the business.

This was the view of the final FERMA webinar of the year, organised with ecoDA and AIG on the subject: “EU/US boards’ approach to cyber risk governance: towards a common view?” The participants were:

  • John Carlin, US Assistant Attorney General – National Security
  • Philippe Cotelle, Head of Insurance Risk Management at Airbus Defence and Space and member of AMRAE
  • Mark Hughes, CEO, BT Security and Mark Camillo, Head of Cyber EMEA at AIG
  • Moderator: Roger Barker, Director of Corporate Governance and Professional Standards of ecoDA

From the two sides of the Atlantic Ocean, the participants agreed that digital risk is the new frontier. Getting a holistic view of the company’s risk is challenging, but it is absolutely necessary to put in place a risk governance framework that is proportionate. The framework needs to accommodate both compliance with regulations and rapid, adaptable decision making in the face of changing threats.

The risk manager sees all levels of the business, so he or she has an important role in this process. Risk managers should help lead the enterprise view of digital risks, the development of analytical tools such as scenario planning, the creation of crisis management decision-making and the transfer of suitable risks to the insurance market.

Other important points from the discussion were:

  • Sharing information is critical, both to protecting business and to protecting society.
  • Do report breaches to the authorities even if they are small and you have been able to manage them.
  • Collaborate with others in your own industry.
  • The insurance market is developing. However, an audit of existing policies should reveal where risks are already covered and where there is uncertainty.