Nos derniers articles

This publication presents recommendations for integrating cybersecurity incident response into risk management, using the 𝗡𝗜𝗦𝗧 𝗖𝘆𝗯𝗲𝗿𝘀𝗲𝗰𝘂𝗿𝗶𝘁𝘆 𝗙𝗿𝗮𝗺𝗲𝘄𝗼𝗿𝗸 (𝗖𝗦𝗙) 𝟮.𝟬 as a reference model. It defines a life-cycle based on the six CSF functions (𝗚𝗼𝘃𝗲𝗿𝗻, 𝗜𝗱𝗲𝗻𝘁𝗶𝗳𝘆, 𝗣𝗿𝗼𝘁𝗲𝗰𝘁, 𝗗𝗲𝘁𝗲𝗰𝘁, 𝗥𝗲𝘀𝗽𝗼𝗻𝗱, 𝗥𝗲𝗰𝗼𝘃𝗲𝗿), outlines roles and responsibilities, and provides a “Community Profile” mapping priorities, recommendations, and considerations for incident response. The document also emphasizes continuous improvement, customizing guidance to organizational context, and leveraging other NIST and external resources.

The study examines behavioral and informational factors influencing German SMEs' cyber insurance decisions, based on a survey of 1,248 executives. Findings indicate that perceived financial impact and anxiety about cyberattacks significantly increase purchase likelihood, while perceived probability of attack and prior experience do not. External cybersecurity expertise positively affects demand, whereas reliance on independent Internet research reduces it, attributed to information overload. Internal risk assessments show no significant effect. Firm size is a strong determinant, with micro and small enterprises less likely to purchase than large firms. The research highlights emotional and informational influences over rational risk estimates.

The white paper examines how the EU’s **NIS2 Directive** and **DORA Regulation** impose resilience, security, and compliance obligations on critical and financial-sector entities. It describes how NIS2 applies broadly to “essential” and “important” operators, while DORA targets financial firms, and compares their requirements for risk management, incident reporting, audits, third-party oversight, governance, testing, and information sharing. The document outlines potential penalties for noncompliance, the need for gap assessments and harmonization across jurisdictions, and emphasizes that entities both inside and outside the EU may be affected by these rules.

The provided text is an **academic article** that offers a comprehensive **analytical review of cyber risk management** within the insurance industry, focusing heavily on the **mathematical models** used for risk quantification and premium pricing. The review systematically covers the current state-of-the-art in cyber risk, discussing how dynamic and interconnected threats challenge traditional actuarial methods, necessitating the use of advanced quantitative tools like **stochastic models and copulas** to manage dependencies and calculate **Solvency Capital Requirements (SCR)**. It thoroughly details various **vulnerability functions** (including the well-known Gordon-Loeb model and its extensions) and different **premium calculation principles** (such as Expected Value and Mean-Variance), concluding that closer collaboration between different disciplines is essential for developing **robust cyber insurance and reinsurance solutions** in an increasingly digital landscape.

The report discusses the growing threat of cyber risk to the EU's financial stability. Key points include:

• Cyber risk is a significant and systemic threat to the EU's financial sector, with increasing frequency and sophistication of attacks.

• Factors amplifying risk include geopolitical tensions, third-party IT dependencies, and the dual-edged impact of AI.

• The financial sector, including banks and insurers, faces tangible impacts from cyber threats.

• DORA is seen as a critical step requiring ongoing commitment to vigilance and resource allocation for digital infrastructure defense.

En France, l’Open Banking s’impose sous un impératif clair : protéger les données des utilisateurs. Le dernier rapport de l’ACPR rappelle que la confiance repose sur un cadre robuste, incarné par la directive européenne DSP2. Celle-ci impose une authentification renforcée et privilégie l’usage d’API standardisées, jugées plus sûres que le webscrapping. Les grands groupes bancaires ont déployé une gouvernance stricte, incluant tests, contrôles et mécanismes de secours. De son côté, le régulateur veille au respect de ces obligations grâce à une supervision en temps réel. L’enjeu : concilier sécurité maximale et fluidité d’usage.

The 𝗖𝗲𝗻𝘁𝗿𝗮𝗹 𝗕𝗮𝗻𝗸 𝗼𝗳 𝗜𝗿𝗲𝗹𝗮𝗻𝗱 guidance highlights 𝗰𝘆𝗯𝗲𝗿 𝗿𝗶𝘀𝗸𝘀 as a central component of 𝗼𝗽𝗲𝗿𝗮𝘁𝗶𝗼𝗻𝗮𝗹 𝗿𝗲𝘀𝗶𝗹𝗶𝗲𝗻𝗰𝗲 𝗶𝗻 𝗳𝗶𝗻𝗮𝗻𝗰𝗶𝗮𝗹 𝘀𝗲𝗿𝘃𝗶𝗰𝗲𝘀, framing them under 𝗜𝗖𝗧 𝗿𝗶𝘀𝗸 and 𝗱𝗶𝗴𝗶𝘁𝗮𝗹 𝗼𝗽𝗲𝗿𝗮𝘁𝗶𝗼𝗻𝗮𝗹 𝗿𝗲𝘀𝗶𝗹𝗶𝗲𝗻𝗰𝗲. It identifies cyber incidents and attacks as major disruptive events, alongside technology failures and insider threats. ICT risk is defined broadly, encompassing threats to systems, operations, and services. Firms are expected to align ICT resilience strategies with critical business services and integrate incident management into resilience frameworks. The guidance emphasizes alignment with 𝗗𝗢𝗥𝗔 and 𝗡𝗜𝗦𝟮, marking a regulatory shift from earlier cybersecurity guidance toward 𝙝𝙖𝙧𝙢𝙤𝙣𝙞𝙯𝙚𝙙, 𝙝𝙤𝙡𝙞𝙨𝙩𝙞𝙘 𝙧𝙚𝙨𝙞𝙡𝙞𝙚𝙣𝙘𝙚 𝙥𝙧𝙖𝙘𝙩𝙞𝙘𝙚𝙨.

Le document présente les résultats du Baromètre France Num 2025, une enquête évaluant la maturité numérique des TPE et PME françaises. Il détaille les objectifs de l'étude, la méthodologie employée (incluant un vaste échantillon de 11 021 entreprises), et fournit une synthèse des perceptions et pratiques numériques de ces entreprises. L'analyse couvre divers aspects tels que la satisfaction vis-à-vis du numérique, les outils de promotion et de vente en ligne, les solutions de gestion et de collaboration, l'adoption de l'intelligence artificielle, les préoccupations liées à la cybersécurité, la connectivité, et les efforts en matière de sobriété numérique. Enfin, il explore les compétences numériques, les dépenses et projets futurs, et propose une typologie des entreprises en fonction de leur niveau de numérisation et de leurs projets en cours.

The paper provides critical theoretical and practical contributions to actuarial science by demonstrating the often-overlooked significance of higher-order mixed moments. It offers tools for robust risk assessment through sharp bounds and standardized rank coefficients. The findings emphasize that while higher-order moments often have a monotonic effect on overall capital requirements and life annuity pricing, their influence on individual risk contribution can be highly nuanced. This calls for actuaries and risk managers to move beyond traditional second-order moment analysis and carefully consider complex dependence structures to ensure accurate risk management and pricing in insurance.

This article argues that there is an increasing erosion of the traditional public-private divide, which is a key principle of liberalism and the rule of law. The authors identify a gradual shift, starting with the "responsibilization" of private actors and progressing to risk-based regulation like the GDPR. They contend that the DSA and AI Act represent a new milestone, as they delegate regulatory powers to private companies, effectively turning them into regulators of their TPSPs. This “privatization of public action” is seen as a serious threat to the rule of law because it removes public action from public scrutiny. To address this, the authors suggest connecting the rule of law more closely with democracy, which could help set boundaries for the legislative conferral of regulatory powers to private entities.