Ferma welcomes EU’s proposed ‘united front’ on cyber resilience
Insurance implications need close examination
Ferma believes the EU’s recent announcement on its proposed EU Cyber Solidarity Act is a “critical step” forward in achieving Europe-wide cyber resilience.
But the Brussels-based federation is wary of the potential impact the new rules could have on the ability of companies to purchase adequate cyber insurance coverage.
“It remains to be seen how current market conditions will be impacted by such a wide-ranging piece of legislation,” Ferma CEO Typhaine Beaupérin told Commercial Risk this week.
The big move on cyber came on 18 April as the EC proposed the EU Cyber Solidarity Act (CSA) to improve preparedness for, detection of and response to cybersecurity incidents across the EU.
The EU said that the CSA aims to strengthen capacities to detect, prepare for and respond to significant and large-scale cybersecurity threats and attacks.
The proposal includes a European Cybersecurity Shield, composed of Security Operation Centres interconnected across the EU, and a comprehensive Cybersecurity Emergency Mechanism to improve the EU’s “cyber posture”, said the EC.
Ferma reacted positively to the news.
“The recent announcement by the European Commission on the proposed EU Cyber Solidarity Act has the potential to be a significant forward step in bolstering cyber resilience across all member states,” Beaupérin told Commercial Risk.
The Ferma CEO explained that while the act forms one part of a wider network of cyber-focused legislation, including the Cyber Resilience Act and the Cybersecurity Act, it is in many ways a “missing part” in the cyber resilience ecosystem.
This is because it proposes an EU-wide cyber network, with all countries working collaboratively to strengthen cybersecurity measures, said Beaupérin.
“Much of the existing legislation places the onus at the individual country or company level to bear the cyber resilience burden. Under the new Act, there is very much a sense of shared responsibility, with all parties contributing to the protection of the European economy,” she explained.
“Measures such as the establishment of the EU-wide Cybersecurity Shield and the launch of the Cyber Emergency Mechanism, which includes mutual support for member states and the EU Cybersecurity Reserve, demonstrate a concerted and cohesive response to the cyber threat,” added Beaupérin.
Another positive element of the plan is that the legislation includes a significant financial boost to the EU’s overall investment in cybersecurity. The total budget, including funding under the Digital Europe Programme, would reach in excess of €1.1bn under the proposal.
“In Ferma’s opinion, the focus on protecting critical infrastructure should have a positive knock-on effect on cyber resilience across all business sectors, since it would reduce the threat from cyber-related attacks on those key networks that underpin activities at the corporate level,” said Beaupérin.
But, as ever, the devil is in the detail and Ferma is concerned about the potential impact of the proposed cyber package on the cyber insurance market.
“However, we are also cautious on this point in terms of what it might mean for companies seeking to purchase cyber insurance coverage. It remains to be seen how current market conditions will be impacted by such a wide-ranging piece of legislation,” said the Ferma CEO.
“Ferma is also keen to understand the potential risk management requirements for companies under the Emergency Mechanism, and whether the incident review process might result in more data being made available to support better quantification of cyber risks by organisations,” she added.
Another important element of the EU’s plan is the proposed investment in skills. Alongside the CSA, the Commission launched the Cybersecurity Skills Academy, a move that Ferma welcomes.
“Ensuring that we have the relevant skills base to support the delivery of these EU-wide cyber resilience goals is essential. The academy is specifically designed to close what is referred to as the cyber talent gap,” pointed out Beaupérin.
As with all EU legislative initiatives, this act has a way to go yet and will come under considerable scrutiny by member states.
Beaupérin said there are several aspects of the package that Ferma will be “monitoring closely” as the legislation advances. These include the application of Artificial Intelligence and data analytics to facilitate cross-border response to cyberattacks, how the Cyber Emergency Mechanism will function in practice, and what testing requirements will be placed on critical-infrastructure entities.
“Ferma views the act as a positive development for its members and acknowledges the need for greater solidarity at the EU level on efforts to combat cyber risk. The scale of the digital threat demands that efforts to shore up cyber resilience capabilities are at a commensurate scale,” said Beaupérin.
“However, key to the success of the act will be how it is implemented at the individual member state level, with all countries needing to come together as one to achieve robust, sustainable, effective cybersecurity defences,” she concluded.