Although Risk Managers (RMs) have been focussing on cyber risks for several years already, 2019 will likely mark a turning point in how the issue is considered. At the Rencontres de l'AMRAE, the profession's largest meeting, held in Deauville in early February, most of the discussions, conferences and workshops addressed cyber risks. It all began with AMRAE President Brigitte Bouquot, who in her opening address quoted Guillaume Poupard (ANSSI Director General), who a few months ago spoke of the probability of "cyber-attacks on the scale of Pearl Harbor". Brigitte Bouquot stressed that cyber risk cannot "be addressed through legal conformity", but requires a complete front-line arsenal, including the Ebios Risk Manager method announced by the DG of ANSSI at Les Assises de la Sécurité. The two organisations are working together to pair the regulations proposed by ANSSI with the Risk Management devised by AMRAE. This common approach should allow the two target audiences to understand each other.
Insurers refine their models with every crisis
The issue is becoming increasingly important for the entire Risk Management ecosystem. A recent survey by the Fédération Française de l'Assurance revealed that French insurers now consider cyber to be the greatest risk in the short term. But are risk managers, as well as insurers, reinsurers and brokers, prepared for this environment? Not completely, if we are to believe the discussions: "We aren't familiar with cyber risk yet. We refine our models with each disaster," acknowledged Fabrice Domange, CEO of Marsh France, the world's leading broker. Thomas Buberl, Director General of AXA, says that while the market is full of talk about technological risk, it does "not yet fully appreciate its magnitude". Professionals can't be blamed for their ignorance though, because the subject is complex and technical, as are its ramifications. For insurers, it presents "all the characteristics necessary to generate cumulated high-intensity risk," explained Didier Parsoire, Chief Underwriting Officer, Cyber Solutions at reinsurer SCOR. This is why businesses and their RMs must mobilise and get into battle formation, because "the true wall of shame for a company is not a cyber-attack in itself, but not being prepared," insists Philippe Cotelle, Risk Manager at Airbus Defence and Space, and AMRAE board member. This requires governance dedicated to cyber security, in which the CISO is just as important as the financial director, DPO and Compliance Director. So, are CISOs and RMs fighting the same fight? In any case, there is an urgent need for dialogue and for them to speak the same language.