The Chair of the Cyber Risk Investigation Working Party, Visesh Gosrani, presented the framework that the Working Party had developed in order to provide companies to assess their exposure to Non Affirmative Cyber risk.
The presentation highlighted the challenges that insurance companies would face upon commencing the exercise but focused on the need to scope out what might sensible objectives for initial exercises and that it was important to make this start.
It then went on to voice the steps needed to make use of the framework and went to pains to stress that companies could use any part of the framework that was complimentary to their in-house processes and that it was useful whether used in part or as a whole.
The presentation focused throughout on
- the clarity that could be provided to management and the organisation as a whole as a result of using the framework
- the ability to build up the extent to which any firm uses the framework over a period of time and even to not use parts of the framework of a firm feels this is appropriately dealt with.
The working party intends that the release of the framework and accompanying paper enables insurers to improve the assessment of their exposure to Non-Affirmative Cyber risk and encourages insurers to start this journey