After ENISA’s report on cyber insurance language harmonisation, FERMA calls on the EU body to integrate the client dimension

FERMA announces plans for new pan-European risk management certification

European risk management body FERMA has called on the European Union Agency for Network and Information Security (ENISA) to integrate the corporate client dimension after its report on cyber risk covers.

Yesterday ENISA published its report, entitled “Commonality of risk assessment language in cyber insurance”.

FERMA said it welcomed the study “but regrets that the clients’ perspective is missing”.

The risk management industry group said it shared ENISA’s concerns about the lack of language harmonisation within insurance of cyber risks but “argues that the process needs to begin with a risk assessment within the organisation”.

FERMA criticised this as missing from the report, which focused on insurance industry perspectives.

“Before any decision to purchase cyber insurance, a risk assessment should first of all be performed on the customer’s side,” said Philippe Cotelle, FERMA board member and head of insurance risk management at Airbus Defence and Space.

FERMA’s riposte – issued as a press release – noted “a gap between the demand and the offer for cyber risk insurance” as currently provided by insurers in a still-maturing market.

Closing the gap needs “better cyber risk financial quantification”, according to FERMA’s perspective.

“It all starts from the situation faced by the clients,” said Cotelle.

“They need to define the exposure faced by their organisation to cyber risk. The risk assessment language, therefore, should be defined at the intersection of clients, brokers and insurance,” he added.

On cyber claims management, FERMA said it was broadly pleased with the report, focusing on the acknowledgement that “claims triggers should be part of language harmonisation” and the recommendation to “develop specific use cases and examples of claims triggers for different types of coverage”.

These statements represented “going in the right direction to increase the maturity of the cyber insurance market in Europe”, noted the industry body.

Cotelle said: “This is in fully line with our conviction that the European cyber insurance market will develop even further if clients know with better accuracy when and how their cyber insurance policy will be activated and therefore claims being paid.”

FERMA said it is pressing ENISA to consider three areas of improvement for the cyber insurance market: inclusion of the risk assessment process; exchange of information between insurers and insureds; and comparison of cyber insurance offers by the insureds.