Managing Cyber Risk and the application of Cyber Insurance

 
UPDATE on the development of ISO 27102 - Cyber Insurance
 
Ahead of the next meeting of the ISO Technical Committee for Information Security responsible for the development of the international standard for Cyber Insurance (27102) in Tel Aviv in April, a meeting was held in London on 8th February to discuss the concerns and possible solutions as part of the Public Consultation phase of the standard's development.
 
Those attending the session represented a diverse group of stakeholders from across the Insurance Sector and included a number of significant end users. Ahead of this meeting, over 50 other stakeholders, representing a more diverse base of stakeholders, also provided feedback on the proposal for a cyber insurance standard.
 
During these discussions the overwhelming majority felt that the standard was currently not appropriate and rather duplicated guidance already available in the market. Further, the consensus was that the structure of the documents did not help either the user or the insurance sector. The group also strongly felt that there was too little practical advice for users on the insurance aspects that need to be considered and how best to engage and align their operations to optimise the benefits insurance can bring.
 
However, as the meeting developed it became clear that there was a way forward that could, if adopted by ISO, address the concerns and provide a powerful tool for users and the insurance sector to enhance and improve the efficiency of the process, improving the value for all.
 
In the next week or so the UK will be submitting comments and our recommendations to ISO for consideration in Tel Aviv.
 
We are hopeful that the recommendations will be received positively, as they directly address the needs of the market and support the wider work of the ISO Committee responsible for Information Security.
 
Critically, the recommendations to be submitted also directly address the concerns of the insurance sector and have garnered strong support from those active across the sector. By altering some aspects of the scope, revising certain sections and focusing on a more evolved set of outcomes, this standard could end up driving considerable growth in the sector while also improving the quality and capabilities of Cyber Risk Management.
 
If you would like to know more please do get in touch with me at russell.price@continuityforum.org.