The time has come for the EC to join with risk managers and help solve the shortfall in cyber risk data that is holding back public and private sector response to this growing threat, said Ferma vice-president Philippe Cotelle.
He told delegates during a Ferma Talks session on European plans for a digital and green recovery plan post pandemic, that data holds the key to building sustainable resilience.
“If we can measure parameters in a manner nobody can dispute, whether it’s on climate change or on cyber, it will become a vital element in ensuring policymakers make better decisions and see the results of their decisions going forward,” said Cotelle, who is also head of cyber insurance and head of insurance risk management at Airbus Defence & Space.
He stressed that a lack of data is a bigger problem currently for cyber than climate change risk, with the former in a similar position that climate change found itself previously.
“Everybody is convinced about climate change but it took decades to make people aware and recognise the evidence of climate change. This came when people were able to give measurements [on climate change]… which then saw private and public policies put in place. In cyber we are probably in the same situation today. We don’t have the data therefore we are basing public policies on perceptions,” warned Cotelle.
He believes it is therefore time to develop “exhaustive, reliable data” that allows government, business and citizens to “properly measure the reality of the cyber phenomenon”.
“We need to get away from lots of surveys pushed by service providers, and know exactly how many companies are suffering an attack and the extent of economic impact they are suffering,” he said.
Cotelle explained that risk managers are trying to take a lead on this initiative through Amrae in France and Ferma at European level by attempting to collate data on the size of cyber premiums and claims in Europe.
“This will provide data for public policy and to the private sector on the level of coverage and financial guarantee for each layer of the economy. This will give some evidence of the nature of the risk and the economic challenge that we have at European level,” said Cotelle.
He then called the EC and European parliament to truly partner with risk managers to help come up with solutions to cyber and other challenges.
“I want the EC and parliament as a partner. We as risk managers are really embedded within companies. We talk to all the different functions. We probably have some ideas on how risks many be managed…we are used to managing risk on a limited budget so have the expertise to propose things that are pragmatic but risk efficient. If the EU can help us to promote those actions and deploy those actions with stakeholders, it is probably the best gift you could provide to us,” he told fellow panellist Heidi Hautala, vice president of the European Parliament.
She agreed that the parliament and EC needs to better understand the size of digital and cyber risk. Hautala said this is needed to help avoid a “big collapse” in the digital world and put the “mega risk” at the heart of EU policy making.
Cotelle and Europe’s risk management industry will be pleased to hear that cyber security and building greater resilience within the EU economy is a top priority for the Slovenian presidency during the second half of this year. And the opinion of risk managers will be sought.
Slovenian minister of public administration Boštjan Koritnik told Ferma Talks that to help make this happen, public and private institutions in Europe must work together on cyber security. This involves using the risk management expertise from within the private sector, he said. “Cooperation is vital, we are stronger if we work together,” said the minister.
Ferma explained that the EU recovery plan is geared towards transforming the European economy and emerging stronger and more resilient the other side of the pandemic. The EU has adopted an ambitious package of measures to help improve the flow of money towards sustainable and digital activities across the EU, the federation added.
Laurence Eeckman, Ferma board member and vice president risk management at Electrolux Group, said risk managers have a bigger and new role to play in the move towards sustainable environmental and digital resilience.
“Our role has to change, adapt and transform. To be able to follow this transformation we really need to become strategic risk managers. It is not only required internally but by shareholders, investors and employees, who see how risk management is taken care of.
We are very well placed by using our risk methodologies and frameworks to make sure the new risks are really embedded in the framework. Risk managers need to be involved early in the discussions and be integrated in the business,” she said.