FERMA welcomes the publication today of the report from the European Union Agency for Network and Information Security (ENISA) “Commonality of risk assessment language in cyber insurance” but regrets that the clients’ perspective is missing.
FERMA shares ENISA’s concerns about the lack of language harmonisation when it comes to the insurance of cyber risks and welcomes many of the report’s recommendations. However, FERMA argues that the process needs to begin with a risk assessment within the organisation. This aspect is not covered in the report, which is based on evidence from the insurance industry only.
Philippe Cotelle, FERMA board member and head of Insurance Risk Management, Airbus Defence and Space, said: “Before any decision to purchase cyber insurance, a risk assessment should first of all be performed on the customer’s side. It all starts from the situation faced by the clients. They need to define the exposure faced by their organisation to cyber risk. The risk assessment language, therefore, should be defined at the intersection of clients, brokers and insurance.”
There is currently a gap between the demand and the offer for cyber risk insurance which remains one of the major obstacles to the development of mature market. Closing this gap requires better cyber risk financial quantification. FERMA is convinced that brokers and insurers cannot alone assess the financial exposure of their clients.
FERMA is pleased with clarification so far in the report over cyber claims management. The acknowledgement that “claims triggers should be part of language harmonisation” and the recommendation to “develop specific use cases and examples of claims triggers for different types of coverage” are going in the right direction to increase the maturity of the cyber insurance market in Europe.
According to Philippe Cotelle: “This is in fully line with our conviction that the European cyber insurance market will develop even further if clients know with better accuracy when and how their cyber insurance policy will be activated and therefore claims being paid.”
FERMA is pressing ENISA to consider the three following areas of improvement for the cyber insurance market:
- inclusion of the risk assessment process;
- the exchange of information between insurers and insureds;
- the comparison of cyber insurance offers by the insureds.
The ENISA report “Commonality of risk assessment language in cyber insurance” can be consulted on their website at https://www.enisa.europa.eu/publications/commonality-of-risk-assessment-language-in-cyber-insurance