14 results for "cyberrisks"
EIOPA's Strategic Response to Systemic Cyber Threats
The strategy employs four interlocking pillars to build a multi-layered defense. It is anchored in enhancing foundational digital operational resilience across the financial market through collaboration with other European Supervisory Authorities and crucial oversight of critical third-party service providers. This internal strengthening is complemented by a public-facing initiative to close the significant cyber protection gap, promoting informed decision-making to encourage mitigation and adaptation actions among businesses and citizens. To sustain these efforts amid rapid digitalization, EIOPA mandates the continuous adaptation of supervisory frameworks, leveraging SupTech and enhanced data sharing to detect vulnerabilities and structural shifts more efficiently. These pillars are unified through fostering collaborative risk management, working with other relevant EU and international authorities to enable a coordinated response.
European insurers continue to advance digitalization, but cyber risk remains a material strategic threat. According to EIOPA Q3 2025 and National Competent Authorities:
Overall risk: Medium
Outlook: Increasing
Supervisory concern: Elevated
This article details the evolution of products beyond traditional cyber insurance, such as cyber (re)insurance, warranties, parametric insurance, and cyber catastrophe bonds.
It characterizes how these solutions have addressed four fundamental challenges: adapting coverage to the threat landscape, managing solvency, collecting data for risk assessment, and creating incentives for risk reduction.
It traces the market's progression through distinct phases (experimental cyber, data breach insurance, and the ransomware epidemic), highlighting the shift from self-reported security questionnaires to automated data collection and partnerships with technology vendors.
Ultimately, the authors conclude that indemnity-based cyber (re)insurance has been the most successful mechanism for transferring risk, despite ongoing challenges in modeling and aggregating cyber catastrophe risk.
Lack of high-quality public cyber incident data hinders empirical research and predictive modeling for cyber risk. Companies' reluctance to disclose incidents, fearing reputational damage, perpetuates this challenge. Actuarial solutions focus on enhancing existing datasets and employing advanced modeling. A new InsurTech framework is proposed to enrich cyber incident data with entity-specific attributes, addressing the gap in publicly available information. Machine learning models predict incident types and estimate frequencies, demonstrating improved robustness when incorporating InsurTech-derived features. This framework aims to generate transparent, entity-specific cyber risk profiles, supporting tailored underwriting and proactive risk mitigation for insurers and organizations.
AI could revolutionize UK sectors, enhancing productivity and decision-making, notably in finance by automating processes and refining decisions like underwriting. However, its rapid evolution raises uncertainties and financial stability risks, including systemic issues from flawed AI models, market instability, and cyber threats. The Financial Policy Committee (FPC) is assessing these risks to ensure safe AI adoption, supporting sustainable growth through vigilant monitoring and regulation.
While #financialrisks, #politicalrisks, #compliancerisks, and #cyberrisks are more easily quantifiable, #esgrisk presents a challenge for boards to identify, assess, and develop plans for its #riskmitigation. Using #nestlé USA as a case study, the article highlights how #esg #risks can migrate across different pillars: what initially appeared as #supplychainrisk moved across pillars into #litigation and #businessrisk before settling as ongoing ESG risk proper.
Proposes a new framework for regulating operational threats such as damage to physical assets, business disruption, and system failures. It suggests replacing RWA regulation with simple buffers of equity and outlines what a "macro-operational" approach to banking supervision might look like. It also acknowledges the limitations of macro-operational supervision and considers what new types of operations-specific emergency tools might need to be devised in response.
"Using the lab, in numerical case studies, we identify two classes of measures to control systemic cyber risks: security- and topology-based interventions. We discuss the implications of our findings on selected real-world cybersecurity measures currently applied in the insurance and regulation practice or under discussion for future cyber risk control. To this end, we provide a brief overview of the current cybersecurity regulation and emphasize the role of insurance companies as private regulators."
"We apply Weick’s (1995) sensemaking framework to examine four foundational tensions of cyber-resilience: a definitional tension, an environmental tension, an internal tension, and a regulatory tension. We then document how these tensions are embedded in cyber-resilience practices at the preparatory, response and adaptive stages. We rely on qualitative data from a sample of 58 cybersecurity professionals in the financial sector..."
"We distinguish three main types of cyber risks: idiosyncratic, systematic, and systemic cyber risks. While for idiosyncratic and systematic cyber risks, classical actuarial and financial mathematics appear to be well-suited, systemic cyber risks require more sophisticated approaches that capture both network and strategic interactions."