The latest enterprise risk management news from around the world

Cyber security is an enterprise risk: FERMA tells EC

Cyber security requires an enterprise-wide approach, and the risk manager's role is to help the company achieve effective, data-based enterprise risk management, the Federation of European Risk Management Associations (FERMA) has told the European Commission.

In its response to the Commission's consultation on public-private partnerships in cyber security concluded last week, FERMA stated:

"Businesses have difficulties with reaching a basic level of protection often due to a lack of risk insights and data driven risk mitigation." 

FERMA President Jo Willaert, commented: "The boards of organizations need to understand that cyber risk is not only an IT risk; it is an enterprise risk. In that respect, we advocate a central role for the risk management function. Without being an IT specialist, the risk manager provides expert advice to support the board and the CEO. He or she is working hand in hand with the operational units such as IT, legal and internal audit."

FERMA stressed that this overview of cyber risks across an organization, including into the supply chain, is critical especially with the development of the Internet of Things. Using scenario-based analysis, the risk manager can quantify the overall cyber risk exposure and validate mitigation strategies on an enterprise basis.

FERMA also argues that public intervention is necessary in order to help organizations cope with the challenge of cyber risks. It urges the development of:

  • A framework for the clarification of cross-border liabilities in cyber incidents;
  • A global set of rules for cyber risk assessment that would safeguard confidentiality in incident disclosure and insurance claims;
  • The incorporation of cyber risk governance in legislation and guidance to create an integrated approach to the threats from top to bottom of the organization.
For FERMA's full response to the Commission, click here.

Want news and features emailed to you?

Signup to our free newsletters and never miss a story.


A website you can trust

The entire Continuity Central website is scanned daily by Sucuri to ensure that no malware exists within the site. This means that you can browse with complete confidence.

Business continuity?

Business continuity can be defined as 'the processes, procedures, decisions and activities to ensure that an organization can continue to function through an operational interruption'. Read more about the basics of business continuity here.

Get the latest news and information sent to you by email

Continuity Central provides a number of free newsletters which are distributed by email. To subscribe click here.