Exclusive FERMA ECIIA Cyber Risk Governance report available

European risk experts have called for organisations to create dedicated internal cyber risk governance groups to address digital risks across the whole enterprise as the threats evolve.

The recommendation for a cyber risk governance model comes in a report published June 29 by the Federation of European Risk Management Associations (FERMA) and the European Confederation of Institutes of Internal Auditing (ECIIA).

FERMA and ECIIA presented their report at a high-level event at the European Parliament with representatives of the EU institutions, the World Economic Forum, risk and audit practitioners from European businesses, and other European stakeholders.

The report, At the junction of corporate governance and cybersecurity, aims primarily at supporting European organisations in meeting their obligations under the EU General Data Protection Regulation and the Network and Information Security Directive. Recent cyber attacks, however, have increased concerns about what the risk experts see as a wider lack of focus on risk governance in cyber security.

The President of FERMA Jo Willaert states, “As recent attacks show, cyber risk is an enterprise issue that affects strategic aspects of the board’s mandate including valuation, reputation and trust. The management of cyber risk has, therefore, become a corporate issue that should be reflected in the governance of the company.”

He adds, “Our two professions are joining forces on cyber risk management by exchanging information on the ERM system and the cyber controls in place, ensuring that mitigation plans are auditable from their conception. This is crucial to evaluate their impact and review the alignment with the strategy.”  

The report calls for the creation of cyber risk governance groups, chaired by the risk manager, to operate across functions within the enterprise. The role of the group is to determine the potential cost of cyber risks across the whole organisation, including catastrophic risk scenarios, and propose mitigation measures to the risk committee and the board. In addition to the risk managers, the group is to be composed of representatives of all key functions at an enterprise level involved in digital risk, notably IT, human resources, communications, finance, legal and the data protection officer (DPO) and chief information security officer (CISO). Internal audit will provide the necessary assurance to the board that the cyber risk controls are operating effectively.

Adds Jo Willaert, “Our recommended cyber risk governance model constitutes an innovative way for organisations to approach cyber security. It will allow the board of directors to demonstrate that cyber risks are managed on a rational and documented analysis of the risks across the organisation.”

The joint working group, representing risk managers and internal auditors from 8 EU countries and 6 different economic sectors (banking, transport, defense, IT, food services and telecom), has developed recommendations for organisations on innovative ways to organise the management of cyber risks internally.

Video on cyber risk governance with Philippe Cotelle, Head of Insurance and Risk Management of Airbus Defence & Space

Corporate Governance and Cybersecurity Event at European Parliament 29 June 2017
