Cyber risks,
a view from the industry
Philippe COTELLE
Head of Insurance Risk Management
BRUSSELS, 20-21 October
www.ferma.eu
FORUM 2015
Venice, Italy 4-7 October
A new industrial revolution
Where the aeronautic industry was a century ago…
… this is how we see it in the coming decade:
Cyber risks exposure
Internet: a tool for sharing information between people in order to create an open world
Difficulty protecting companies and their data from the outside.
What are the obstacles to a good assessment of our cyber risks?
• Reputation
• Wrong perception
• Confidentiality
SPICE initiative
(Scenario Planning to Identify Cyber Exposure)
A pilot program for business impact analysis of disaster scenarios affecting our operational capabilities, related to a cyber event
Gathering representatives of all the functions, as well as IT and IM Security, to overcome 3 hurdles:
• Explain to the operational people that we need them
• Address the security issue with extreme care
• Be prepared to openly discuss some potential scenarios of exposure, and do not assume that it is impossible to hack a company like us
Scenario identification
• Focus on disaster scenarios
• Clear hypothesis
Assessing financial costs
Assessing financial cost of each scenario
• Split scenarios into 4 different phases
• Simplify the list of impacted functions
• Compute over/under charge per scenario, per phase
[Figure: financial costs for Scenario x by phase: Phase A 10, Phase B 46, Phase C 88, Phase D 22. Labels on the figure: Security Breach, Detection, Crisis, Remediation, Investments, Vigilance.]
Assessing financial costs
Lessons learned
• NUMBERS are related to our financial exposure
• There is no final number
• The objective is to reach a consensus:
  • acceptable to everyone
  • valid for our analysis
Evaluate probability of occurrence
Quantify the technical probability of a scenario succeeding
• For each step of a given scenario, identify the technical ways to proceed
• Rate each step with a probability of occurrence (using an internal probability scale)
Assessment performed by the local Information Management Security
[Figure: APT Kill Chain description used in the technical threat scenario]
Evaluate probability of occurrence
Lessons learned
Same method but different numbers!?
2 different approaches:
If an attacker were seriously considering hacking Airbus, then this must be a very strong organisation which in itself should have gathered all those unique skills and resources. Therefore their probabilities were higher.
Given the defence systems in place, in order to be successful the attacker would have to gather so many different skills and resources that this was very unlikely to be plausible. As such, their probabilities were very low.
• Need a homogeneous approach
• Associate with each scenario the type of hacker and their motives
Next Steps
Provide a rationale for mitigation strategy
[Figure labels: Cost of implementing IT security; % of Mitigation; Insurance premium cost is efficient]
IT investment makes sense to mitigate the exposure
Justify the interest of the transfer to insurance, both for coverage and premium budget
• IT investment to reduce the probability of occurrence, until the point when costs are too high.
• At that point insurance becomes complementary to (and not in competition with) IT measures and is efficient from a cost point of view
Risk identification, Risk assessment, Risk response
Challenges
The process needs to be performed regularly and be as exhaustive as possible
• a strategy to manage the roll-out of this process across the entire organisation, products and countries
• an efficient process that is manageable with the operational teams
Challenges
The insurance market also needs to face several challenges:
• Conditions of dialogue with the insurers
• Problem of reputation in case of a claim
• Claim settlement
Conclusion
• Our mission is to support technological development and to develop the conditions for securing and mitigating the unavoidable risks that such opportunities generate.
• Support from top management is required, down to every level of the operations.
• The methodology is key to obtaining valuable results
• Many challenges are still in front of us all; there is no one response
  • A key message from the Board towards external stakeholders.
  • The question of the standard for cyber risk assessment
Thank you!


Philippe Cotelle’s presentation on SPICE at AIRBUS, FERMA Forum 2015
