FERMA urges EU to streamline cyber reporting processes

The Federation of European Risk Management Associations (FERMA) has urged European Institutions to streamline cyber reporting requirements and consider the insurance implications of cyber-related legislation.

The news follows the release of the Cyber Reporting Stack report – produced in partnership with WTW -, which provides risk managers with comprehensive advice on managing reporting requirements across a widening cyber policy environment.

Considered a first-of-its-kind report, it serves as a guide for recent and upcoming regulations as well as incident reporting requirements for risk managers. Including a series of case studies, it delivers guidance on the General Data Protection Regulation (GDPR), Network and Information Security (NIS), Network and Information Security (NIS 2), Digital Operational Resilience Act (DORA), and the Cyber Resilience Act (CRA).

Charlotte Hedemark, President, FERMA, commented on the increasing cyber reporting burden: “FERMA believes companies need a more streamlined and consistent set of requirements when it comes to reporting on cyber incidents.

“This reporting should help EU authorities, businesses and citizens to better understand the cyber threat—but this will only work if it’s easy, safe and secure for companies to provide information.”

As part of efforts to reduce this burden, the report recommends exploring the potential for a “single point of entry” for cyber incident notification, while also providing EU Member States with guidance on how to streamline processes and the players involved.

Philippe Cotelle, Chair, Digital Committee, FERMA, added: “We are acutely aware that while risk management plays a vital role in building resilience to, and recovery from cyber-attacks, there are no regulations that give technical specifications of what risk management measures organisations should take, nor are there any that consider the insurance implications.”

When conducting an impact assessment, the report urges the European Commission to consider the insurance and risk transfer implications of future EU cyber legislation.

Laure Zicry, Head of FINEX Cyber, Western Europe, WTW, said: “WTW is delighted to work with FERMA on such an important report. Managing cyber risks is paramount for every company that takes very seriously the confidentiality of their client’s data and its network security.

“The cyber incident reporting rules and requirements covered by this whitepaper deal with cross-functional issues and therefore need to be addressed by organisations accordingly. The role of the risk manager is crucial to guarantee that all risks have been properly identified and that the best mitigation strategies have been adopted.”

Hedemark concluded: “We hope that it will give companies greater clarity about cyber incident reporting requirements and how those relate to the bigger picture of understanding this global threat.

“We also hope that the knowledge derived will help European policymakers to streamline their approach to cyber incident reporting and lead to some simplification of reporting, enabling companies to devote a greater proportion of their resources and knowledge to assessing, managing and responding to this risk.”

This website states: The content on this site is sourced from the internet. If there is any infringement, please contact us and we will handle it promptly.