ECIIA and FERMA have launched joint guidance aimed at helping organisations across Europe develop an effective cyber governance framework.
The framework – detailed in “At the junction of corporate governance and cybersecurity” – enables companies to make consistent and understandable decisions about their security measures, risk management and overall cyber security posture.
“Risk managers and internal auditors play an important role of coordination and cooperation to build an effective and resilient cyber security system within an organisation,” ECIIA President Henrik Stein says. “We hope to convince organisations and regulators about the importance of a strong governance model to mitigate cyber risks.”
The guidance outlines a comprehensive risk management approach to cybersecurity, a cyber awareness programme covering everyone in the organisation from top to bottom and, most important, the interactions between the three lines of defence that facilitate communication to the board, which is ultimately responsible for oversight of the cyber governance framework.
Read the guidance here.
ECIIA members attended a free cyber risk governance conference held in Brussels on 29 June, hosted by MEP Antanas Guoga.
The event – organised jointly by ECIIA and FERMA – presented recommendations for a new cyber risk governance model designed to include key internal stakeholders, the risk and audit committees. A working group representing risk managers and internal auditors from eight EU countries developed the model, and other recommendations were presented at the event.
The proposed model will increase cyber-resilience, define the key stakeholders and the conditions for success.
Developing cyber governance principles for greater resilience is supported by the World Economic Forum, which published a report in January 2017: Advancing cyber resilience: principles and tools for boards.
See the full programme here.
When: Thursday 29 June 2017 from 16:00 to 18:00 (CET)
Where: European Parliament – JAN 6Q1 / Rue Wiertz 60, Brussels, Belgium
ECIIA members are invited to sign up today for a major debate at the 20th European Corporate Governance Conference to take place on 4th May in Malta.
The conference will open with keynote speeches from the Maltese Minister for Finance, Edward Scicluna, and the Commissioner for Justice, Consumers and Gender Equality, Věra Jourová.
Panel discussions on creating long-term value, rebuilding trust with corporate governance, corporate social responsibility and digitisation promise to tackle the most pressing issues facing internal auditors and their stakeholders. Silvio de Girolamo, ECIIA Board Member and Chief Audit Executive, Autogrill Group, is a panellist.
“This conference represents a fantastic opportunity for auditors to get up-to-speed with the most recent corporate governance thought-leadership,” Henrik Stein, ECIIA President, says. “The lessons learned should help auditors better understand where their work can add value.”
View the programme here.
Sign up today here.
Given the growing risk posed by cyberattacks on businesses across Europe, ECIIA and the Federation of European Risk Management Associations (FERMA) have launched a joint initiative aimed at helping organisations strengthen their cyber defences.
The group’s key objective is to help define the best governance model when managing cyber risk. The two bodies set up a working group to explore the scope and range of the work needed, which held its first meeting on 11 January 2017 in Brussels.
“We want to explore ways of helping organisations create better risk management and auditing structures to deal with this threat,” Henrik Stein, ECIIA President, says. “Given the fast-moving nature of cyber-risk and recent European legislative changes, a fresh look at how such threats are managed is timely.”
The group will The European Parliament adopted the Network and Information Security Directive in July 2016, which EU countries have 21 months to transpose into local legislation – and an extra six months to designate national authorities to deal with cyber matters. The legislation is aimed at strengthening Europe’s cyber defences.
In May 2016, it adopted the General Data Protection Regulation, which comes into effect on 25th May 2018. The legislation introduces tougher measures on data protection and higher sanctions for those who do not comply.
The ECIIA/FERMA working group aims to publish its preliminary findings in the summer.