FERMA and ECIIA call for new ‘cyber risk governance groups’ led by risk managers

A new report has called for organizations to create dedicated internal cyber risk governance groups to address digital risks across the whole enterprise as the threats evolve.

The recommendation for a cyber risk governance model comes in a report published by the Federation of European Risk Management Associations (FERMA) and the European Confederation of Institutes of Internal Auditing (ECIIA).

FERMA and ECIIA presented their report at a high-level event at the European Parliament with representatives of the EU institutions, the World Economic Forum, risk and audit practitioners from European businesses, and other European stakeholders.

The report, At the junction of corporate governance and cybersecurity, aims primarily at supporting European organizations in meeting their obligations under the EU General Data Protection Regulation (GDPR) and the Network and Information Security (NIS) Directive. Recent cyber attacks, however, have increased concerns about what the risk experts see as a wider lack of focus on risk governance in cyber security.

The report calls for the creation of cyber risk governance groups, chaired by the risk manager, to operate across functions within the enterprise. The role of the group is to determine the potential cost of cyber risks across the whole organization, including catastrophic risk scenarios, and propose mitigation measures to the risk committee and the board.

In addition to the risk manager, the group should be composed of representatives of all key functions at an enterprise level involved in digital risk, notably IT, human resources, communications, finance and legal, together with the data protection officer (DPO) and the chief information security officer (CISO). Internal audit would provide the necessary assurance to the board that the cyber risk controls are operating effectively.

The full report ‘At the Junction of Corporate Governance & Cybersecurity’ is available here (PDF).