Cyber risks are continuously evolving as technology advances and our dependence on IT growth. Tackling such a rapidly moving target is a challenge for organisations and doesn’t necessarily fit within the existing structure of enterprise risk management.

What is the role for the enterprise risk manager when the IT department has responsibility for cyber risks and even has a specialist IT risk manager? Will the manager of insurable risks be put in an awkward position because coverage is simply not easy to find or insurers are wary about the exposures?

“Threats from cyber space are frequently among the top 10 risks quoted by risk managers”

FERMA is seeking answers to these questions through a project with Zurich Insurance and the Harvard Business Review Analytic Services. We are supporting this initiative because we believe it is important to gain a greater understanding about how the global risk managers’ community views these risks.

FERMA scientific advisor, Marie Gemma Dequae, commented: “Experts warn that an increasing number of viruses will be aimed at the operations of specific industries, companies or countries. It’s not surprising that threats from cyber space are frequently among the top 10 risks quoted by risk managers today.”

The first stage of the project is a survey of risk managers which closed on 7 September. The questions focused on broad information security and privacy risks, their significance within organisations, effective mitigation processes, financial implications and international regulation.

It looked at issues of responsibility within the organisation, primary areas of concern, levels of commitment by senior management to tackling these risks, employee training and incident response plans.

The main topics identified from the study findings will be the focus of a security and privacy webinar to be run by Zurich later this year, to which FERMA members will be invited to participate, followed by an insight report.