Președintele ASF Leonardo Badea: Importanța asigurării riscurilor cibernetice în atenția Autorității de Supraveghere Financiară

Source: Financiarul.ro.

Understanding Cyber Risk Insurance: A Comprehensive Overview

According to a thematic analysis by the A.S.F. regarding cyber risk insurance:

• Cyber risks are a shared responsibility among both management and employees within organizations. Cyber insurance can also cover professional risks arising from these cyber threats.
• Organizations must develop a robust cyber risk management strategy to ensure a swift return to normal operations while minimizing costs.
• Cyber risk insurance plays a crucial role in transferring the risks that companies face. It should complement, rather than replace, the risk management frameworks that every organization needs, serving as a stabilizing factor for economic and social structures, including critical infrastructure, government entities, and the financial sector.
• This type of insurance should be integral to assessing financial health and operational continuity, facilitating rapid recovery from losses.

Key Conclusions for Effective Cyber Risk Coverage

To effectively address the risks posed by our increasingly digital society, the following conclusions emerge:

RecomandăriLeonardo Badea (BNR): Importanța și modul de funcționare a sistemului SWIFT în tranzacțiile economice internaționale

• To protect critical infrastructures, public sector activities, and national assets that are highly exposed to digital risks, it is vital to formulate and adopt policies that support the regulation of cyber risk coverage through insurance. This approach shifts financial responsibility to those capable of managing potentially significant damages, thereby mitigating political, social, and economic impacts. Such policies will yield positive effects on both demand and supply sides.
• For long-term sustainability, a reporting system for losses due to cyber risks must be established, particularly for critical and significant infrastructures, to provide necessary data for insurers’ actuarial activities.
• In the short to medium term, insurers need to develop and implement consulting and assessment models for clients seeking protection against cyber threats, based on globally recognized standards and certifications. Additionally, enhancing the necessary skills within insurance companies regarding the engineering of these risks is essential.
• Addressing cyber risks requires a united front among beneficiaries, technology firms, and insurers to elevate the maturity of cybersecurity practices, apply risk management principles, implement common mechanisms to combat cybercrime, and develop insurance products tailored to client needs.