Tue. Mar 19th, 2024

Content Assessment: Fitting the Needs of Operators of Essential Services? Demand Side of Cyber Insurance in the EU

Information - 93%
Insight - 94%
Relevance - 90%
Objectivity - 92%
Authority - 91%

92%

Excellent

A short percentage-based assessment of the qualitative benefit of the announcement and report from ENISA on current perspectives and challenges of Operators of Essential Services related to acquiring cyber insurance services.

Editor’s Note: ENISA, the European Union Agency for Cybersecurity, was established in 2004 to promote a high level of cybersecurity across Europe. The EU Cybersecurity Act has strengthened its role, and it works towards enhancing the trustworthiness of ICT products, services, and processes with cybersecurity certification schemes, contributing to EU cyber policy, cooperating with Member States and EU bodies, and preparing Europe for future cybersecurity challenges. Through knowledge sharing, capacity building, and awareness raising, ENISA collaborates with key stakeholders to build trust in the connected economy, boost the Union’s infrastructure resilience, and maintain digital security for Europe’s society and citizens. The recent report from ENISA, titled “Demand Side of Cyber Insurance in the EU,” delves into the difficulties that Operators of Essential Services (OESs) in the EU encounter when attempting to obtain cyber insurance. The report’s findings could prove useful to professionals in cybersecurity, information governance, and eDiscovery, as they aim to gain a better understanding of the cybersecurity terrain for essential infrastructure and develop sound risk management strategies.


Background Note: Operators of Essential Services (OESs) are entities that provide critical services that are essential for the functioning of society and the economy. These services include, but are not limited to, energy, transportation, healthcare, drinking water supply, and financial services. OESs are identified by the European Union (EU) as entities that operate in sectors that are crucial for the maintenance of essential societal and economic activities and whose disruption would have a significant impact on the security, health, and welfare of citizens or on the functioning of the economy. The EU has established a framework for the identification and designation of OESs, and these entities are subject to specific cybersecurity and resilience obligations to ensure the continuity and security of their services.

Press Announcement And Report* (February 23, 2023)

Cyber Insurance: Fitting the Needs of Operators of Essential Services?

The new report by the European Union Agency for Cybersecurity (ENISA) explores the challenges faced by Operators of Essential Services in the EU, when seeking to acquire cyber insurance.

Focused on the potential challenges faced by Operators of Essential Services (OESs), the analysis performed also explores aspects of cyber insurance from a policy development perspective, and suggests recommendations to policymakers and to the community of OESs.

What does the report reveal?

With the current trend of increasing cyber incidents also affecting OESs to a large extent, a majority of them perceive cyber insurance as a service they cannot afford given the outstanding premiums and disadvantageous coverage. According to data gathered through a survey targeting 262 OESs across the EU, three in four do not currently have cyber insurance coverage. The survey also reveals that other risk mitigation strategies are often considered more favorable by OESs.

For 77% of respondents, a formalized process has been set to identify cyber risks. The remaining 23% do not have any such process in place. On the other hand, 64% of organizations declare not quantifying cyber risks. However, all interviewed contributors declare having risk-management practices in place and a process to determine controls.

The motivators behind the decision to contract insurance coverage include coverage in case of a loss as a result of a cyber incident for 46%, requirement by law for 19%, pre-incident or post-incident expert knowledge from insurance companies.

56% of respondents declared they considered other risk mitigation tools more effective than cyber insurance.

Recommendations to policy makers

  • Implement guidance mechanisms to improve maturity of risk management practices of OESs;
  • Promote the establishment of frameworks to identify and exchange good practices among OESs, especially related to identification, mitigation and quantification of risk exposure;
  • Encourage initiatives, including standardization and guidance development, to provide assessment methodologies on the quantification of cyber risks;
  • Develop collaborative frameworks with public and private partners to enable skills frameworks and programs for cyber insurance, particularly in areas such as risk assessment, legal aspects, information management and cyber insurance market dynamics.

Recommendations to OESs

  • Make progress towards the maturity of risk management practices;
  • Allocate or increase budget to implement processes on identification of assets, key metrics, conduct periodic risk assessments, security controls identification and quantification of risks based on industry best practices;
  • Improve knowledge transfer and sharing with other OESs.

To coincide with the publication of the report, ENISA welcomed the visit of Petra Hielkema, Chairperson of the European Insurance and Occupational Pensions Authority (EIOPA).

ENISA has developed synergies with stakeholders such as the EIOPA to engage in actions to understand the mechanisms and potential needs of the cyber insurance sector in relation to cybersecurity and market development. These synergies materialize through the coordination of activities meant to monitor cyber insurance developments, knowledge exchange and multidisciplinary collaboration.

Read the original announcement.


Complete Report: Demand Side of Cyber Insurance in the EU (PDF) – Mouseover to Scroll

Demand Side of Cyber Insurance in the EU

Read the original paper.

*Shared with permission under Creative Commons – Attribution 4.0 International (CC BY 4.0) – license.


Additional Reading

Source: ComplexDiscovery

 

Generative Artificial Intelligence and Large Language Model Use

ComplexDiscovery OÜ recognizes the value of GAI and LLM tools in streamlining content creation processes and enhancing the overall quality of its research, writing, and editing efforts. To this end, ComplexDiscovery OÜ regularly employs GAI tools, including ChatGPT, Claude, Midjourney, and DALL-E, to assist, augment, and accelerate the development and publication of both new and revised content in posts and pages published (initiated in late 2022).

ComplexDiscovery also provides a ChatGPT-powered AI article assistant for its users. This feature leverages LLM capabilities to generate relevant and valuable insights related to specific page and post content published on ComplexDiscovery.com. By offering this AI-driven service, ComplexDiscovery OÜ aims to create a more interactive and engaging experience for its users, while highlighting the importance of responsible and ethical use of GAI and LLM technologies.

 

Have a Request?

If you have information or offering requests that you would like to ask us about, please let us know, and we will make our response to you a priority.

ComplexDiscovery OÜ is a highly recognized digital publication focused on providing detailed insights into the fields of cybersecurity, information governance, and eDiscovery. Based in Estonia, a hub for digital innovation, ComplexDiscovery OÜ upholds rigorous standards in journalistic integrity, delivering nuanced analyses of global trends, technology advancements, and the eDiscovery sector. The publication expertly connects intricate legal technology issues with the broader narrative of international business and current events, offering its readership invaluable insights for informed decision-making.

For the latest in law, technology, and business, visit ComplexDiscovery.com.