What level of awareness should Boards have? How much time should Boards spend on cyber/risk management issues?
The Risk Manager must be responsible, as for other risks, for the quantification aspect of cyber security. It is a necessary step towards understanding and managing the exposure of the company. He/she should act as a facilitator between the Board and the operational departments (IT, Finance, Legal and other functions).
- How can Risk Managers bring unique added value in identifying and quantifying risk exposure?
- When an interrelationship exists between the Risk Manager and the CIO (Chief Information Officer) or their equivalent, is it complementary and symbiotic?
- To whom should the Risk Managers report the exposures, the liabilities, and the potential correlations or interconnections with other risks?
- How would they propose relevant mitigation strategies to be endorsed by the operational departments and the Board?
In case of a claim, how should the confidentiality of critical information be managed when it is provided to multiple stakeholders (insurers, brokers, loss adjusters, public authorities)? Are companies ready to grant those third parties access to their confidential systems and processes?
This is a key subject for unlocking the development of cyber insurance and for supporting the economic growth that the digital world is bringing to Europe.