Industry watchdogs look into issues of digital risk

Two bodies with the power to force financial firms to comply with IT security best practice are currently conducting...

Two bodies with the power to force financial firms to comply with IT security best practice are currently conducting investigations into the nature of digital risk. The E-Crime Congress in London late last month heard that the International Underwriting Association and the Financial Services Authority will announce their findings later this year.

Marie-Louise Rossi, chief executive of the International Underwriting Association, which represents wholesale insurers that syndicate risks, said her organisation is systematically surveying its members in an effort to demystify the nature of digital risk.

"Digital risk has to be handled separately from other risk until it is better understood," she said. "To support risk, underwriters have to price that risk to ensure they can pay the claims and satisfy the regulators. But in order to price risk you have to first understand it and model it."

Through its study, the International Underwriting Association aims to better understand the nature of digital risk, raise awareness and identify infrastructural solutions for managing digital risk. The association is also in discussion with government about establishing standards for measuring digital risk.

Industry watchdog the Financial Services Authority is also conducting a major risk review of financial services organisations. Rossi said the FSA is developing risk principles on a value-based rather than a rules-based system.

l Also at the E-Crime Forum, the European Commission announced that it is on the verge of an agreement to set up a Network Information Security Agency. Based in Heraklion, Crete, the agency would raise awareness among the public about the need for security and come up with a model for pan-European information exchange. A director for the initiative will be appointed in the coming months, said EU administrator Danny de Temmerman.

Read more on IT risk management