FERMA welcomes the European Commission’s initiative that seeks to harmonize practices at EU level and provide clear benchmarks on cyber security. FERMA recommends to the European Commission a horizontal legislation for the CRA involving the implementation of a common regulatory approach. It will be applicable to all categories and risk profiles of ICT products in order to guarantee the functioning and harmonisation of the Internal Market. This will ensure a certain level playing field and the development of the Digital Single Market.
FERMA has also emphasized the importance of ensuring proportionality in the future CRA to guarantee fair competition by, for instance, allowing self-assessment at a certain level of nature, scale and complexity of organisation (i.e. SMEs).
A transitional period in any form of EU intervention should also be foreseen for companies to adapt, given the quick evolution of cyber risks and threats.
Still, FERMA believes that the CRA is only a brick in the wall of cyber resilience in the EU. Therefore, FERMA calls on the European Commission to foster a global risk management approach to cyber resilience encompassing the identification, assessment and treatment of cyber risks. This global approach could draw upon FERMA’s work in the area of cyber risk governance.
FERMA has been an active contributor to the EU’s Digital Agenda for many years. In addition to the publication on cyber risk governance with ECIIA, FERMA has also produced a report on cyber insurance and a guide on AI in risk management, and has held multiple webinars on the topic, including one on the GDPR.
Cyber risk management is a top priority for companies. In fact, it has grown in importance in recent years. For instance, in 2018 when FERMA surveyed European risk managers, 37% of the respondents identified cyber threats as the most critical to their organisation. This figure rose to 63% in 2022, according to our last European Risk Manager survey.
FERMA
© FERMA