Proposed ISO standard on cyber insurance is ‘premature and inappropriate’ according to FERMA

The Federation of European Risk Management Associations (FERMA) has expressed concern about the ISO/IEC 27102 ‘Information Security Management Guidelines For Cyber Insurance’ standard, which is currently under development.

FERMA says that the proposed standard is “premature and inappropriate in its current form given the fast pace of technological development” and also states that “no other insurance product is the subject of an ISO standard”.

FERMA members, the UK risk management association Airmic, French association AMRAE and Belgian association BELRIM, and insurance industry representatives have also expressed concerns about the project.

FERMA has urged other member associations to help ensure their national standardization body is aware of the concerns of the whole insurance market.

FERMA board president Jo Willaert said: “Cyber insurance is evolving rapidly in the face of fast technological development. Insurance buyers are working out their needs and the insurance industry is analysing how it can provide cover without unquantifiable exposures. It is too early to agree a standard. In any case, we are not clear why a standard for cyber insurance should be intended for IT security experts. As we have consistently argued, cyber security is an enterprise risk and its management, which includes insurance, requires the involvement of risk professionals.”

Philippe Cotelle, FERMA board member, said: “We appreciate the importance of a well-defined scope and intention for cyber insurance, including the insurers’ information requirements, but it must be agreed by all stakeholders. FERMA, Insurance Europe and broker representatives began this process last year with the publication of Preparing for Cyber Insurance. We believe it would be more effective in developing a sustainable cyber insurance market for us as stakeholders to continue working together. Our publications are accessible for free for IT security experts who have an interest in cyber insurance.”  
