BMA wants insurers to boost cyberdefences
All Bermudian-based insurance companies could soon be required to report cyber events that affect their operations to the Bermuda Monetary Authority.
The potential vulnerability of insurance companies to such attacks has been investigated by the regulator.
The BMA has identified areas of concern in its Bermuda Insurance Sector Operational Cyber Risk Management 2019 report, and said operational cyber-risk is a “critical risk” and that it expects directors of insurance companies to ensure “prudent policies, procedures and controls are in place” with regards to cyber-risk.
The regulator said a growing number of Bermudian-registered insurance companies have improved their resilience to cyber attacks. However, it has identified areas that need further improvement, including board-approved operational cyber-risk strategy and policy, and “tabletop testing” of security incident response plans.
The BMA said 77 per cent of commercial insurers have operational cyber-risk insurance in place, however, a “lower than expected” 68 per cent reported having the best practice “three lines of defence” model in place — the lines of defence being operational control owner, risk function, and audit.
In addition, the BMA found that only 66 per cent of commercial insurers reported having data loss prevention controls in place. It said: “This is a lower percentage than expected; incidents resulting in data breach often lead to both financial loss and reputational damage.”
The regulator is currently consulting for the introduction of an Operational Cyber Risk Management Code of Conduct to be applied to all insurance entities. It will set out the BMA’s expectations for companies to demonstrate prudent cyber-risk management process and technical controls.
The code is expected to come into effect in January 2021, with enforcement starting six months later.
The BMA said it is also looking to introduce a cyber-reporting event requirement for all insurance companies as part of its legislative agenda for this year.
Patient to sue BHB for negligence
Romantic Karl scores marathon proposal
Internet users about $800,000 ‘Samsung’ scam
Kevin nears $300,000 target in wife’s memory
I got it wrong and for that I apologise
Art is life and now it is on show
An apology to Robert Pires
Bascome claims unanimous points win
Man arrested after crash on Friday
Job advice for former BF&M staff
Alert over spike in flu cases
Sobriety checkpoints next weekend
Seafarers to attend Sea Sunday service
Student summer work programme now open
Biff film captures explosion of pop music
Take Our Poll