FERMA Criticizes Cyber Insurance Guidelines Proposed by Int’l Standards Organization

April 8, 2019

The Federation of European Risk Management Associations (FERMA) is concerned about proposed cyber insurance guidelines being developed by the International Organization for Standardization (ISO), calling them “premature” and “inappropriate.”

The proposed standard, ISO/IEC 27102, encompasses information security management guidelines for cyber insurance. FERMA explained that ISO is currently in the final stages of approving guidelines for cyber insurance, which are meant to help IT experts when considering cyber insurance. However, “no other insurance product is the subject of an ISO standard,” FERMA emphasized.

“Cyber insurance is evolving rapidly in the face of fast technological development. Insurance buyers are working out their needs and the insurance industry is analyzing how it can provide cover without unquantifiable exposures. It is too early to agree a standard,” said FERMA board president Jo Willaert, in a statement.

“In any case, we are not clear why a standard for cyber insurance should be intended for IT security experts,” added Willaert. “As we have consistently argued, cyber security is an enterprise risk and its management, which includes insurance, requires the involvement of risk professionals.”

FERMA said its concerns about the ISO project are echoed by insurance industry representatives and FERMA members, which include other European risk management associations, including the UK risk management association, AIRMIC; the French association, AMRAE, and the Belgian association.

FERMA urged other member associations to help ensure their national standardization bodies are aware of the concerns of the whole insurance market. (FERMA comprises 22 risk management associations in 21 European countries, which represent nearly 4800 risk managers.)

This project began three years ago, under the leadership of the ISO Information Technology technical committee (ISO/IEC JTC 1) but “without sufficient and adequate involvement from the insurance industry,” said FERMA.

ISO representatives were not available for a comment.

“We appreciate the importance of a well-defined scope and intention for cyber insurance, including the insurers’ information requirements, but it must be agreed by all stakeholders,” commented Philippe Cotelle, FERMA board member.

He said FERMA, Insurance Europe and broker representatives began working together last year, publishing “Preparing for Cyber Insurance.” (Insurance Europe’s members are the national insurance associations in 34 countries, representing 95 percent of total European premium income.)

“We believe it would be more effective in developing a sustainable cyber insurance market for us as stakeholders to continue working together,” added Cotelle. “Our publications are accessible for free for IT security experts who have an interest in cyber insurance.”

Source: Federation of European Risk Management Associations (FERMA)
