Risk Management

P&U sector rethinks business models to tackle cyber security challenges

BY Fraser Tennant

Understanding the cyber security challenges facing the power and utilities (P&U) sector and improving how businesses respond to them is the overarching theme of a new EY report published this week.

In EY’s ‘Creating trust in the digital world’ global information survey 2015, 1755 respondents from global P&U organisations provide insight into the most important cyber security issues facing the sector today – a sector currently undergoing major transformation due to the introduction of smart meters and data networks across the digital energy value chain.

Moreover, the onset of this digital energy value chain, what EY describes as the “attack surface” of P&U organisations, is expanding considerably, as is the sophistication and persistence of the cyber attacks being launched by cyber criminals.

Highlighting the main concerns of the P&U sector, the EY report reveals that 19 percent of P&U responders admit that they do not have an information security strategy; 46 percent point to a lack of executive awareness or support as a major obstacle to dealing with threats to cyber security; and 55 percent confirm that their organisation does not have a dedicated security operations centre (SOC).

In terms of how P&U organisations should manage a cyber attack, the report recommends that they first identify their key risk management principles and apply them to the cyber risk issue. Fundamentally, this means knowing their critical assets; making cyber risk more tangible; aligning cyber risk with existing risk frameworks; making cyber risk relevant to the business; and embedding risk appetite within investment decisions.   

Furthermore, says EY, organisations should adopt a three-stage improvement process: (i) ‘Activate’ (establishing and improving cyber security foundations); (ii) ‘Adapt’ (adapting cyber security to changing requirements); and (iii) ‘Anticipate’ (predicting what is coming to be better prepared).

“P&U companies are rethinking their business models by being more innovative and offering a richer customer and employee experience through a variety of channels”, states the report. “However, there are significant cyber threats, and organisations need to recognise and understand the current challenges to get ahead of the cyber criminals.”

Although the EY report makes it clear that the P&U organisations are indeed making significant progress as far as tightening up their cyber security, the overriding message is that there remains considerable room for improvement across the sector.

Report: Global information survey 2015: creating trust in the digital world

Telecoms giants Orange and Bouygues in $10bn merger talks

BY Fraser Tennant

Following months of speculation, France-based telecommunications giants Orange and Bouygues Telecom have confirmed discussions surrounding a potential merger – a combination that, if it goes ahead, would account for approximately 50 percent of the French mobile and fixed telecoms market.

Although there has been no official statement made as to what a deal may be worth, according reports by MarketWatch earlier this week, Orange has made an offer totalling €10bn ($10.9bn), a submission comprising €8bn in shares and €2bn in cash.

A confidentiality agreement between Orange and Bouygues means that detailed comment from either party has thus far been thin on the ground, but in a statement an Orange spokesperson said that “discussions are not limited by any particular calendar and hold no commitment to any particular predefined outcome".

Furthermore, Orange indicated that it was “exploring the opportunities available within the French telecoms market, while keeping in mind that its investments and its solid position afford it a total independence in its approach".

In an equally sparse statement, Bouygues related that it was “interested in opportunities that would enable it to bolster its long-term presence in the telecoms sector” and would “invest momentum” within a sector which it believes must remain strong to serve the best interests of the consumer.

Much of the merger talk is believed to be due to the disruptive effects of a price war sparked by the entry of a fourth mobile operator – Free Mobile (owned by Iliad SA) – into the French market in 2012. Orange, by way of acquiring Bouygues, hopes to reduce competition, allowing it to invest in high-speed mobile and cable networks and compete with their counterparts in the US and Japan.

However, within a highly fragmented European cellphone market, any attempt at a merger by Orange (the biggest operator in France with 28 million customers) and Bouygues (the third biggest operator with 14 million customers) will require the approval of antitrust authorities and involve the disposal of significant assets.

Should the move by Orange to acquire Bouygues come to pass, analysts believe that the combined company’s market capitalisation could reach €50bn – around 20 percent more than the current value of Orange.

Keeping its cards close to its chest, Orange also stated that it will act solely in the interests of its shareholders, its employees and its customers and be particularly vigilant with regards to the value created through any resulting project.

News: Orange in Talks to Acquire Bouygues Telecom

RiskMap 2016: navigating the ‘contours of risk and opportunity’ in a volatile world

BY Fraser Tennant

“Risk is a necessary precondition for opportunity”, according to a new report – ‘RiskMap 2016’ – which examines the key risks, opportunities and trends that businesses are likely to face in 2016.

The report, compiled annually by Control Risks, forecasts that 2016 will be a challenging year for businesses as they are forced to navigate escalating security and political risks.

Among the risks highlighted in the report, which claims that the security and political risk outlook appears worse than at any point in the past 10 years, are concerns pertaining to terrorism, Middle Eastern instability, cyber risk, a Chinese economy in transition, and European financial and political uncertainties.

 All in all, RiskMap 2016 paints a picture of a more volatile world in 2016.

Yet the report does make clear that there are causes for optimism including: (i) the possibility of further successes of multilateral diplomacy following the landmark Iranian nuclear deal and the restoration of US ties with Cuba; (ii) stable growth in most western economies; (iii) the possibility of a gradual rise in commodity prices as the decade continues; and (iv) indications by governments that they are willing to cooperate on environmental issues.

“These risks - and many others - will continue to threaten unprepared businesses”, says Richard Fenning, CEO of Control Risks. “Whether it is the see-sawing balance of economic power between the East and the West, uncertainty about the future of commodities prices, the disconcerting metastasis of IS, the ramifications of China’s adjustment to its new economic reality, or an explosion in the frequency and severity of criminal cyber-attacks, successful businesses will need to prepare themselves to face tough challenges on a number of fronts.”

Furthermore, believes Fenning, these political and security concerns need not translate into major obstacles for businesses as he expects the relative political stability of Western democracies to give their economies a “renewed competitive advantage” over developing economies that are faced with stagnant growth and political unrest (such as China and India).

Continued Mr Fenning: “It would be easy to think the world has never been more unsettled, or unpredictable, than now. But businesses and investors would do well to remember that, despite the many risks and challenges that 2016 will present, the world has always been a shifting and unpredictable place.”

Report: RiskMap Report 2016

NYC banking regulator reveals cyber security guidelines

BY Richard Summerfield

Unless you have been living under a rock for the last few years, it will not have escaped your attention that instances of cyber crime have become increasingly prevalent in the business community. It seems not a week goes by without a cyber breach grabbing the headlines  along with a swathe of sensitive data.

Various regulatory bodies have taken steps to guide firms through the minefield of cyber security. This week, New York’s leading banking regulator – the New York Financial Department of Services (NYDFS) – became the latest to follow suit. The NYDFS felt motivated to act as, in its own words, it "considers cyber security to be among the most critical issues facing the financial world today".

In a letter to other state and federal regulators, including the US Office of the Comptroller of the Currency and Federal Reserve Board of Governors, the NYDFS revealed details about its potential new cyber security regulations for the banks and insurance companies which fall under its jurisdiction. These regulations could include a requirement for institutions to notify companies of data breaches. "It is our hope that this letter will help spark additional dialogue, collaboration and, ultimately, regulatory convergence among our agencies on new, strong cyber security standards for financial institutions," wrote Anthony Albanese, NYDFS’ acting superintendent.

Organisations would also be obliged to ensure that contracts with third parties included a set of rules designed to keep sensitive data safe, including the use of multi-factor authentication, both internally and on customer log-on pages, and data encryption. Two step authentication is becoming increasingly popular online. Social media giants like Facebook and Twitter, services such as Gmail, and even online video games now offer multistep authentication. As such, it seems only logical that financial institutions embrace the technology.

Firms would also be required to appoint a chief information security officer if they do not already have one. The CISO would be responsible for overseeing policy, while cyber security staff would be required to undergo mandatory training.

Under potential new regulations, third party vendors – such as law firms, data processors and auditors – would also be required to achieve compliance moving forward.

News: NY banking regulator unveils details on planned cyber security rule

 

 

Global cyber insurance market predicted to expand to $7.5bn by 2020

BY Fraser Tennant

A prediction that the global cyber insurance market could expand to $7.5bn in annual premiums by 2020 is among the headline findings of new research published by PwC this week.

The research report – ‘Insurance 2020 & beyond: Reaping the dividends of cyber resilience' – also suggests that as boards become increasingly aware of the need to protect against potentially devastating cyber attacks, insurers will find more clients questioning the value of their current policies.

The PwC analysis follows hot on the heels of the firm’s 18th Annual Global CEO Survey, which revealed that 61 percent of business leaders across all industries see cyber attacks as a threat to the growth of their business.

"If insurers continue to simply rely on tight blanket policy restrictions and conservative pricing strategies to cushion the uncertainty, they are at serious risk of missing this rare market opportunity to secure high margins in a soft market," said Paul Delbridge, an insurance partner at PwC.

Furthermore, Mr Delbridge believes that should the cyber insurance industry take too long to innovate, there is a very real risk that a disruptor will attempt to move in and corner the market with aggressive pricing and more favourable terms.

Additionally, the PwC report finds that insurers (as well as reinsurers and brokers) can maximise opportunities whilst managing exposures by: (i) maintaining their own cyber risk management credibility through effective in-house safeguards against cyber attacks; (ii) robustly modelling exposures and potential losses to provide a better understanding of the evolving threat; (iii) identifying concentrations of exposure and systemic risks in an increasingly interconnected economy; and (iv) assessing and monitoring trends in frequencies and severities of attritional and large losses, and in the types of attack being perpetrated.

“For insurers, cyber risk is in many ways a risk like no other," opines Mr Delbridge. “It is equally an opportunity. Insurers who wish to succeed will base their future coverage offerings on conditional regular risk assessments of client operations and the actions required in response to these reviews. A more informed approach will enable insurers to reduce uncertain exposures whilst offering clients the types of coverage and attractive premium rates they are beginning to ask for.”

Report: Insurance 2020 & beyond: Reaping the dividends of cyber resilience

©2001-2024 Financier Worldwide Ltd. All rights reserved. Any statements expressed on this website are understood to be general opinions and should not be relied upon as legal, financial or any other form of professional advice. Opinions expressed do not necessarily represent the views of the authors’ current or previous employers, or clients. The publisher, authors and authors' firms are not responsible for any loss third parties may suffer in connection with information or materials presented on this website, or use of any such information or materials by any third parties.