Launched in February 2013 by the Cybersecurity Strategy of the European Union, the public-private platform on NIS (Network & Information Security) held its first meeting in June 2013 and is looking to develop secure and effective ICT (Information & Communication Technology) risk management practices.
The final result is a Guidance that was presented at the 3rd NIS Platform Plenary meeting of 30 April 2014 in Brussels. FERMA has been asked to give an 'outsider's' view on the NIS Platform guidance and on whether it could be of use when assessing the maturity of organisations for cyber-security insurance coverage purposes.
Among other things, this presentation tries to answer the following questions:
- How can the maturity of an organisation be assessed in terms of risk management and preparedness (gap analysis)?
- Are there any incentives that could lead to lower risk premiums for organisations that adhere to the best practices?
- What kinds of risks are currently covered by cyber-security insurance policies: first party, third party, personal data loss, business data loss, losses due to interruption of business?
Risk and insurance managers of organisations representing a wide range of business sectors, from major industrial and commercial companies to financial institutions and local government entities.
4 permanent staff in Brussels. Close relationship with the European Institutions and major representations of the insurance industry in Brussels.
ISO/IEC 27000 family of standards, ISO Guide 73 (which is used by other risk standards including ISO 31000).
COBIT 5 was introduced in 2012 and is generally regarded as the other most commonly used information security standard.
The highly respected Information Security Forum (ISF) standard goes beyond the ISO 27000 family of standards.
Cover for some cyber risks already exists in "traditional" insurance covers; cyber insurance provides an umbrella above those covers, not a replacement for other insurance.