150 results
for "Digital resilience"
The study examines behavioral and informational factors influencing German SMEs' cyber insurance decisions, based on a survey of 1,248 executives. Findings indicate that perceived financial impact and anxiety about cyberattacks significantly increase purchase likelihood, while perceived probability of attack and prior experience do not. External cybersecurity expertise positively affects demand, whereas reliance on independent Internet research reduces it, attributed to information overload. Internal risk assessments show no significant effect. Firm size is a strong determinant, with micro and small enterprises less likely to purchase than large firms. The research highlights emotional and informational influences over rational risk estimates.
The white paper examines how the EU’s **NIS2 Directive** and **DORA Regulation** impose resilience, security, and compliance obligations on critical and financial-sector entities. It describes how NIS2 applies broadly to “essential” and “important” operators, while DORA targets financial firms, and compares their requirements for risk management, incident reporting, audits, third-party oversight, governance, testing, and information sharing. The document outlines potential penalties for noncompliance, the need for gap assessments and harmonization across jurisdictions, and emphasizes that entities both inside and outside the EU may be affected by these rules.
This **academic article** offers a comprehensive **analytical review of cyber risk management** within the insurance industry, focusing heavily on the **mathematical models** used for risk quantification and premium pricing. The review systematically covers the current state of the art in cyber risk, discussing how dynamic and interconnected threats challenge traditional actuarial methods, necessitating the use of advanced quantitative tools like **stochastic models and copulas** to manage dependencies and calculate **Solvency Capital Requirements (SCR)**. It thoroughly details various **vulnerability functions** (including the well-known Gordon-Loeb model and its extensions) and different **premium calculation principles** (such as Expected Value and Mean-Variance), concluding that closer collaboration between different disciplines is essential for developing **robust cyber insurance and reinsurance solutions** in an increasingly digital landscape.
The report discusses the growing threat of cyber risk to the EU's financial stability. Key points include:
• Cyber risk is a significant and systemic threat to the EU's financial sector, with increasing frequency and sophistication of attacks.
• Factors amplifying risk include geopolitical tensions, third-party IT dependencies, and the dual-edged impact of AI.
• The financial sector, including banks and insurers, faces tangible impacts from cyber threats.
• DORA is seen as a critical step requiring ongoing commitment to vigilance and resource allocation for digital infrastructure defense.
In France, Open Banking is taking hold under a clear imperative: protecting users' data. The latest ACPR report notes that trust rests on a robust framework, embodied by the European PSD2 directive (DSP2). The directive mandates strong authentication and favours the use of standardized APIs, deemed more secure than web scraping. The major banking groups have deployed strict governance, including tests, controls and fallback mechanisms. For its part, the regulator ensures compliance with these obligations through real-time supervision. The challenge: reconciling maximum security with ease of use.
The **Central Bank of Ireland** guidance highlights **cyber risks** as a central component of **operational resilience in financial services**, framing them under **ICT risk** and **digital operational resilience**. It identifies cyber incidents and attacks as major disruptive events, alongside technology failures and insider threats. ICT risk is defined broadly, encompassing threats to systems, operations, and services. Firms are expected to align ICT resilience strategies with critical business services and integrate incident management into resilience frameworks. The guidance emphasizes alignment with **DORA** and **NIS2**, marking a regulatory shift from earlier cybersecurity guidance toward ***harmonized, holistic resilience practices***.
The document presents the results of the Baromètre France Num 2025, a survey assessing the digital maturity of French very small businesses and SMEs. It details the study's objectives and the methodology used (including a large sample of 11,021 companies), and provides a summary of these companies' digital perceptions and practices. The analysis covers various aspects such as satisfaction with digital technology, online promotion and sales tools, management and collaboration solutions, the adoption of artificial intelligence, cybersecurity concerns, connectivity, and efforts toward digital sobriety. Finally, it explores digital skills, spending and future projects, and proposes a typology of companies based on their level of digitalization and their ongoing projects.
The paper provides critical theoretical and practical contributions to actuarial science by demonstrating the often-overlooked significance of higher-order mixed moments. It offers tools for robust risk assessment through sharp bounds and standardized rank coefficients. The findings emphasize that while higher-order moments often have a monotonic effect on overall capital requirements and life annuity pricing, their influence on individual risk contribution can be highly nuanced. This calls for actuaries and risk managers to move beyond traditional second-order moment analysis and carefully consider complex dependence structures to ensure accurate risk management and pricing in insurance.
This article argues that there is an increasing erosion of the traditional public-private divide, which is a key principle of liberalism and the rule of law. The authors identify a gradual shift, starting with the "responsibilization" of private actors and progressing to risk-based regulation like the GDPR. They contend that the DSA and AI Act represent a new milestone, as they delegate regulatory powers to private companies, effectively turning them into regulators of their TPSPs. This “privatization of public action” is seen as a serious threat to the rule of law because it removes public action from public scrutiny. To address this, the authors suggest connecting the rule of law more closely with democracy, which could help set boundaries for the legislative conferral of regulatory powers to private entities.
This paper **examines the escalating threat of AI-driven fraud and cybercrime**, highlighting how criminal organizations are rapidly adopting advanced AI, particularly generative AI, to execute sophisticated attacks. It details how these malicious uses lead to **increased financial losses, more intricate crime patterns, and novel scam typologies**, such as deepfakes and advanced phishing. The document also **explores the challenges faced by financial institutions in defending against these threats**, citing issues like slow AI adoption, outdated risk management frameworks, and underinvestment in defense systems. Ultimately, it **advocates for the urgent development of agile, AI-versus-AI defense strategies** and emphasizes the critical need for industry-wide cooperation to counteract the evolving landscape of AI-enabled financial crime.