Launched in February 2013 by the Cybersecurity Strategy of the European Union, the public-private platform on NIS (Network & Information Security) held its first meeting in June 2013 and is looking to develop secure and effective ICT (Information & Communication Technology) risk management practices. The final result is a Guidance that was presented at the 3rd NIS Platform Plenary meeting of 30 April 2014 in Brussels and FERMA has been asked to give an 'outsiders' view on the NIS Platform guidance and whether it could be of use when assessing the maturity of organisations for cyber-security insurance coverage purposes. Among others, this presentation tries to answer the following questions: - How to assess the maturity of an organisation in terms of risk management and preparedness (gap analysis) . -Are there any incentives that could lead to lower risk premiums for organisations that adhere to the best practices? - What kinds of risks are currently covered by cybersecurity insurance policies, first party, third party, personal data loss, business data loss, losses due to interruption of business?

1. © 2014 FERMA
Potential use of NIS Platform
Guidance for cyber-insurance purposes
3rd
NIS Network & Information Security Platform Plenary meeting
Brussels, 30 April 2014
Julien Bedhouche
FERMA European Affairs Adviser

2. © 2014 FERMA© 2014 FERMA
BACKGROUND

3. © 2014 FERMA© 2014 FERMA
FERMA Presence
22 member associations in 20 countries
4336 individual
members who are
responsible for risk
management and / or
insurance in their
organisations

4. © 2014 FERMA© 2014 FERMA
Purpose

5. © 2014 FERMA
Cyber is still an emerging risk
• The Global Risks Report from the World
Economic Forum 2014 identified Digital
Disintegration as one of three key areas of global
risk
• While the Internet is designed for resilience, it
has little inherent security and so “attackers”
have still the advantage over “defenders
• Organizations need to respond through strategic
planning, and review their resilience framework
• But organizations cannot solve these problems
on their own and there is a need for more joint
working at a global, regional and local level
• There is a need for more long term thinking

6. © 2014 FERMA© 2014 FERMA
Cybersecurity and Risk Managers

7. © 2014 FERMA© 2014 FERMA
The NISP Guidance Documents

8. © 2014 FERMA© 2014 FERMA
Kite marks and standards

9. © 2014 FERMA© 2014 FERMA
Current situations for companies

10. © 2014 FERMA© 2014 FERMA
The world continues to learn

11. © 2014 FERMA© 2014 FERMA
Cyber insurance

12. © 2014 FERMA
Cyber insurance in the NISP documents
(p.3, 4 & 28)

13. © 2014 FERMA© 2014 FERMA
Shortcoming for Critical National
Infrastructures

14. © 2014 FERMA© 2014 FERMA
Insurers becoming more cyber-savvy

15. © 2014 FERMA© 2014 FERMA
CONCLUSIONS 1/2

16. © 2014 FERMA© 2014 FERMA
CONCLUSIONS 2/2

17. © 2014 FERMA© 2014 FERMA
Legal Notice
2014 FERMA. All rights reserved. You are not permitted to create any
modifications or derivatives of this presentation or to use it for
commercial or other public purposes without the prior written
permission of FERMA.
Although all the information used was taken from reliable sources,
FERMA does not accept any responsibility for the accuracy or
comprehensiveness of the details given.
All liability for the accuracy and completeness thereof or for any
damage resulting from the use of the information contained in this
presentation is expressly excluded.
Under no circumstances shall FERMA be liable for any financial and/or
consequential loss relating to this presentation.