Bermuda Monetary Authority Insurance Sector Operational Cyber Risk Management Code of Conduct
Is your organisation ready?
Across the globe, and in Bermuda, cyberattacks are increasing in frequency and sophistication. The Financial Services sector is a key target, and there are many well-publicized cybercrime cases involving Financial Institutions.
Overview
Cybercriminals are becoming more sophisticated, and the cost of cybercrime is becoming increasingly intolerable. The stakeholders – including boards, regulators, investors, analysts, business partners, and customers – expect greater visibility into an organisation’s cybersecurity risk management programme.
In light of the growing cyber threats to the insurance sector, the Bermuda Monetary Authority (BMA) published their Insurance Sector Operational Cyber Risk Management Code of Conduct on October 6, 2020. The Code came into force on 1 January 2021 and registrants are required to be in compliance by 31 December 2021. The ultimate goal of the Code is to ensure that insurance entities regulated by the BMA establish a robust cybersecurity program and comply with related requirements.
The Code prescribes specific requirements to ensure appropriate cybersecurity programs are in place. Regulated entities should implement the Code in proportion to their cyber risk profile (nature, scale and complexity of their business), following an appropriate assessment of their cyber risks. Each entity is required to assess its particular risk profile and design a program that robustly addresses such risks.
We are here to help
Every entity is at a different place when it comes to the maturity of its cybersecurity risk management program. Besides, the nature and magnitude of cyber risks are continuously evolving, and so are the practices for staying ahead of these threats. That’s why it’s essential to understand where you stand today by proactively performing a compliance readiness assessment and addressing the gaps.
