Proposed ISO standard on cyber insurance is ‘premature and inappropriate’ according to FERMA
Published: Friday, 12 April 2019 08:49
The Federation of European Risk Management Associations (FERMA) has expressed concern about the ISO/IEC 27102 ‘Information Security Management Guidelines For Cyber Insurance’ standard, which is currently under development.
FERMA says that the proposed standard is “premature and inappropriate in its current form given the fast pace of technological development” and also states that “No other insurance product is the subject of an ISO standard”.
Three FERMA members (the UK risk management association Airmic, French association AMRAE and Belgian association BELRIM) and insurance industry representatives have also expressed concerns about the project.
FERMA has urged other member associations to help ensure their national standardization body is aware of the concerns of the whole insurance market.
FERMA board president Jo Willaert said: “Cyber insurance is evolving rapidly in the face of fast technological development. Insurance buyers are working out their needs and the insurance industry is analysing how it can provide cover without unquantifiable exposures. It is too early to agree a standard. In any case, we are not clear why a standard for cyber insurance should be intended for IT security experts. As we have consistently argued, cyber security is an enterprise risk and its management, which includes insurance, requires the involvement of risk professionals.”
Philippe Cotelle, FERMA board member, said: “We appreciate the importance of a well-defined scope and intention for cyber insurance, including the insurers’ information requirements, but it must be agreed by all stakeholders. FERMA, Insurance Europe and broker representatives began this process last year with the publication of Preparing for Cyber Insurance. We believe it would be more effective in developing a sustainable cyber insurance market for us as stakeholders to continue working together. Our publications are accessible for free for IT security experts who have an interest in cyber insurance.”