Newsletter


shutterstock_582641131_jirsak
Shutterstock
28 April 2021Bermuda analysis

Beware increased cyber risk from third party service providers: BMA


Insurers should be aware that engaging with third party service providers leaves them exposed to heightened cyber risk, and take steps to mitigate this risk, according to the Bermuda Monetary Authority (BMA).

In its Bermuda Insurance Sector Operational Cyber Risk Management 2020 Report, the BMA warned that information should be classified and protected in a manner commensurate with its sensitivity, value and criticality, ensuring it does not fall into the wrong hands.

“An asset inventory should be put in place, detailing all information assets,” the BMA said. “The information must be classified in terms of its value, legal requirements, sensitivity and criticality to the organisation.”

The BMA stressed the importance of managing cyber risk when dealing with third parties and supply chains, which it said is an important part of the risk management process, calling on senior management to take responsibility for cyber safety.

“The board of directors and senior management team must have oversight of cyber risks,” the BMA said. “The board of directors must approve a cyber risk policy document at least annually. The cyber risk may be covered in a standalone cyber risk policy document or as a section in a broader risk policy document.”

It said registrants must perform an assessment of their DLP control requirements, to ensure controls are in place to prevent data leaving the enterprise in an unauthorised manner.

“Registrants must have patch management procedures that define the identification, categorisation and prioritisation of security patches,” it said. “Registrants must pay close attention to a vendor’s end-of-support date as matches may no longer be available after this date.”

It advised insurers who trust third parties with data, or to deliver IT services, to “consider having contractual clauses in place to ensure their security requirements are met.”

The BMA vowed to continue monitoring cyber irsk filing returns, and the evolving cyber risk landscape, and to “keep consulting with the insurance sector in a proactive manner.”



Editor's picks

news
Micro captives stay on IRS Dirty Dozen list
12 April 2024

Editor's picks

news
Micro captives stay on IRS Dirty Dozen list
12 April 2024   The federal agency has released its Dirty Dozen list for 2024.
news
Giles to join ClearPoint Health
9 April 2024
news
RMC emerges victorious against IRS in micro captive case
8 April 2024
news
CCRIF unveils four Ivan+20 scholarships
4 April 2024
news
Ryskex opens office in Lloyd’s building
4 April 2024
news
Giles leaves MSL Captive Solutions
1 April 2024

Related content

Marsh creates cyber group captive
Captive International publishes 20th anniversary edition
Affiliate of Everton buyer has rating downgraded
DARAG closes captive legacy deals in Bermuda and Cayman
Compre forms new global claims arm
Amazon corporate risk chief to speak at Bermuda Risk Summit
Bermuda Captive Conference unveils keynote speaker
‘Very active’ Bermuda captive market can offer climate risk solutions