FERMA: the industry needs better collaboration to manage cyber threats

The Federation of European Risk Management Associations (FERMA) has released a new joint report which addresses the challenges faced by all participants in the cyber insurance chain. 

The report is the result of a pan-European, multi-stakeholder dialogue and was produced by FERMA in partnership with Allianz Global Corporate & Specialty, AXA XL, HDI Global, Howden, Lloyd’s Insurance Company (Europe), Marsh, and Munich Re.

Central to the findings is the call for greater collaboration between all cyber stakeholders to achieve a balance between the risk appetite of insurers and the coverage requirements of corporate buyers to ensure a sustainable market.

It also urges greater investment in identification and prevention measures, promotes the adoption of transitional coverage and continuous underwriting practices, and proposes an annual high-level international summit focused on cyber resilience.

”Our collective aim is to support the development of a bedrock of cyber resilience at the organisational level”

Philippe Cotelle, vice president of FERMA, and chair of the Digital Committee, said: “This report is the result of a ground-breaking pan-European dialogue across all core cyber insurance stakeholders.

”Our collective aim is to support the development of a bedrock of cyber resilience at the organisational level which is ably supported and enhanced by a robust, relevant, and affordable cyber insurance market and which serves to bolster the overall competitiveness of the European market.”

Lessons for risk managers

For risk managers, there are several areas of interest in the report.

Cotelle, who is also the cyber risk manager for Airbus, says that the report is instrumental in bridging the growing uncertainty regarding which catastrophic loss scenarios are covered by insurance.

He said: ”We can’t be uncertain. We need to know exactly the boundaries where insurance will play in order to make sure that we adapt our risk management accordingly and provide top management… a clear answer about how we plan as a company to adapt to address catastrophic losses.”

The second element of interest is the clear focus on risk identification, quantification, and creating a better dialogue between insurers and risk managers during the underwriting phase.

He said: ”It really has to be a dialogue with clear feedback in order to improve the common understanding of the level of risk which is currently exchanged,”

“[This is] a tremendous opportunity to get better prepared and to improve our resilience.”

The third element is the aim to remove the uncertainty, which can become a huge issue for the development of cyber insurance attractiveness.

Finally, FERMA wants to encourage the industry to share claims data from different insureds to help risk managers get prepared and take note of the different issues that companies face.

He said: “[This is] a tremendous opportunity to get better prepared and to improve our resilience.”

The report recommends that large corporates improve identification and prevention by investing in quantification, benchmarking, and crisis management training and protocols.

It also calls for the establishment of an annual cyber event which brings together stakeholders including risk managers and policymakers to address key market challenges and develop more effective cyber resilience strategies.

What the experts are saying

Typhaine Beaupérin, CEO and secretary general of FERMA, said that Europe can become a world leader in efforts to bolster cyber resilience by “adopting a Europe-wide, pan-stakeholder approach to address every aspect of the cyber challenge and ensuring that through ground-breaking risk-sharing initiatives, we can create the depth and breadth of capacity required to bridge the cyber protection gap.”

Carlos Rodríguez Sanz, regional cyber product leader APAC & Europe at AXA XL said: “The European cybersecurity market is estimated at more than €130 billion and is growing at a rate of 17% a year. 

”This is a clear sign that European businesses appreciate the risks associated with cyber security and understand the need and urgency to protect their operations and minimise their exposure.

”Today insurance is one of the most important tools for risk management of business.”

”To help them and society at large to build resilience, insurers and cybersecurity experts must come together to define standards, benchmarking and crisis management protocols, and further raise awareness among SMEs and larger corporates alike.”

Shay Simkin, global head of cyber at Howden added: “Cyber insurance has never been more critical, as even the best-prepared companies cannot eliminate the risk of a cyber-attack.

”Ransomware, wars and rate increases encapsulate a period of incredible change in the cyber insurance market. Strong cyber controls are increasingly important as insurers deploy capacity when they are satisfied by companies’ risk management protocols.”

Dr Jürgen Reinhart, chief underwriter cyber at Munich Re, said: “Effectively managing cyber risk is critical for society… Today insurance is one of the most important tools for risk management of business.

”When it comes to systemic risks, a societal dialogue needs to be enforced, as their management is best enabled in an effective public-private partnership.”