The Operational Cyber Risk Management Code of Conduct applies to all Bermuda registered insurers, insurance managers, and insurance intermediaries in the jurisdiction. The Code became effective on 1 January 2021 and full compliance is required by 31 December 2021. It comes at a time when high profile cyber incidents are becoming more prevalent, heightening risks of severe financial losses and reputational damage. The new regulations represent a codification of best practices that have organically developed within Bermuda’s insurance industry over the years. As such, many insurers that already have robust IT policies and systems in place may not find compliance with the Code to be excessively onerous.