The Bermuda Monetary Authority posted a document titled “Cyber Report 2018”. Below are some key highlights:
- Technology risk including, information security, cybersecurity and data privacy are all key enterprise risks affecting insurers regulated by the Bermuda Monetary Authority (BMA or the Authority)
- The Authority expects that the Board of Directors of all licensed entities will have evaluated the risks associated with technology risk including information security, cybersecurity and data privacy; will have incorporated these factors in the overall enterprise risk management process; and ensured that prudent policies and procedures are in place and followed by the entity
- In 2017, the Authority included questions in the 2017 year-end Commercial Insurer[2] Capital and Solvency Return (CSR) filing designed to assess information security, cybersecurity and data privacy preparedness of insurers. This information request has been enhanced in the 2018 filing to include all financial services sector players in Bermuda, which will allow broader market information and thematic assessment of the technology risk posture of licensed entities
- The information requested through that data call included: (i) underwriting data for cyber policies; (ii) confirmation of inclusion of cyber exclusion clause per line of business; and (iii) claims reported during the year, including the largest claim
- From the information provided in the 2017 year-end cyber resiliency questionnaire and feedback from the Authority’s on-site reviews covering cyber, it is apparent that technology risk awareness and cybersecurity, in particular, has grown
- The objective of this section is to share the Authority’s general observations from key data aggregated from Commercial Insurers’ regulatory submissions. This being the first year that such information was sought, there were variances in terms of interpretation of what was required; enhancements and additional guidance has been included in the cyber risk reporting requirements for 2018 year-end CSR filings
Reference(s):