Two bodies with the power to force financial firms to
comply with IT security best practice are currently conducting
investigations into the nature of digital risk. The E-Crime
Congress in London late last month heard that the International
Underwriting Association and the Financial Services Authority will
announce their findings later this year.
Marie-Louise Rossi, chief executive of the International
Underwriting Association, which represents wholesale insurers that
syndicate risks, said her organisation is systematically surveying
its members in an effort to demystify the nature of digital risk.
"Digital risk has to be handled separately from other risk until it
is better understood," she said. "To support risk, underwriters
have to price that risk to ensure they can pay the claims and
satisfy the regulators. But in order to price risk you have to
first understand it and model it."
Through its study, the International Underwriting Association aims
to better understand the nature of digital risk, raise awareness
and identify infrastructural solutions for managing digital risk.
The association is also in discussion with government about
establishing standards for measuring digital risk.
Industry watchdog the Financial Services Authority is also
conducting a major risk review of financial services organisations.
Rossi said the FSA is developing risk principles on a value-based
rather than a rules-based system.
l Also at the E-Crime Forum, the European Commission announced that
it is on the verge of an agreement to set up a Network Information
Security Agency. Based in Heraklion, Crete, the agency would raise
awareness among the public about the need for security and come up
with a model for pan-European information exchange. A director for
the initiative will be appointed in the coming months, said EU
administrator Danny de Temmerman.