Global cyber governance framework inadequate for handling emerging technologies: Zurich

NEW ORLEANS, La. – Businesses are urged to invest in protections against cyber risk and to create a culture of cyber resilience, recommends a new report released by Zurich Insurance Group and ESADE Center for Global Economy and Geopolitics at the RIMS 2015 Annual Conference & Exhibition.

“The current state of regulation and the governance regimes in place globally are inadequate to ensure the security of the world’s cyber infrastructure,” argues the report.

The report – which examines both the current and evolving nature of cyber risk and the existing global governance framework, as well as proposes new paths to tackle the current disorder in cyber space – points to inadequate preparation to handle new technologies, including drones, 3-D printing and self-driving cars. Newly emerging technologies will impact the security of the Internet, it concludes.

Zurich reports in the statement that companies in almost all sectors are exposed to cyber threats, with the potential for causing enormous damage in terms of reputation and physical losses, liabilities and regulatory costs. “Unchecked, growing cyber threats risk curtailing technical and economic development on a global scale,” the statement adds.

“The existing governance framework from the 20th century cannot be expected to respond sufficiently to a 21st century technology,” Axel Lehmann, Zurich’s chief risk officer, says in a statement from Zurich.

“We live in a world full of opportunities, but also risks,” Lehmann says. “The cyber realm underpins almost all economic and societal activity – from finance to trade, information, energy and beyond.”

In the event of a global cyber shock, Zurich reports, it is not clear who would be in charge and what levers could be used to reduce the impact on the internet and society. The report also states that geopolitical and ideological tensions between states are increasingly played out in cyber space, including over matters of governance. [click image below to enlarge]

The report examines both the current and evolving nature of cyber risk and the existing global governance framework, as well as proposes new paths to tackle the current disorder in cyber space

“The nature of cyber security is evolving so quickly it can be difficult for businesses to keep track of the risks let alone the solutions,” Mike Kerner, CEO of general insurance for Zurich, comments in the statement. “It is very clear that businesses that want to protect themselves from cyber security and privacy risks must adopt a mindset of resilience,” Kerner says.

“The world needs a fluid and more comprehensive dialogue between business, politics and civil society to ensure the security of cyberspace,” adds ESADEgeo president Javier Solana. “Developing an inclusive and reliable governance regime for the security of the cyber realm is a prerequisite to managing the risks and grasping the opportunities that emerging technology presents.”

Recommendations to policymakers include creating a G20 + 20 Cyber Stability Board, made up of the 20 largest governments and the 20 largest tech firms, for strengthening global institutions and taking steps to isolate these institutions from geopolitical tensions; and creating a Cyber WHO (World Health Organization) to enhance crisis management, the Zurich statement adds.

In addition, the private sector must engage in sharing information and employ an approach that will increase their overall cyber resilience to address the inadequacies of the framework, the statement adds.

“Whatever public-private cyber security regimes or collective actions may develop, it is incumbent on businesses to take a pragmatic approach to the cyber governance gap that is likely to persist for the next few years,” the report suggests. “This includes investment in studying and enhancing protection against cyber risks, as well as creating a culture of cyber resilience.”

“This is a constantly evolving, challenging and potentially devastating risk and it is rightly top of mind for our customers who rely on us as risk advisors,” Kerner adds.

The RIMS 2015 Annual Conference & Exhibition is being held Apr. 26-29 in New Orleans.

 More coverage of the RIMS 2015 Annual Conference & Exhibition

Cyber risk vaults into Top 10, interconnectedness of risk underscores need for solid risk management: Aon survey

RIMS Community Service Day focuses on rebuilding two catastrophe-affected neighbourhoods in New Orleans

Risk management networks key, innovation often comes from necessity: RIMS president

Janice Ochenkowski receives RIMS’s most prestigious honour

Expediting authorizations for drone use after disasters would improve risk assessment and response: study

Organizational alignment can influence effectiveness of risk management strategy: Marsh/RIMS study

Risk managers must keep abreast of technological advances in aircraft: Aon