28 April 2021 News

BMA warns on cyber risk when using third-party service providers

Insurers should be extra careful when dealing with third-party administrators and service providers, which could expose them to additional cyber risk, according to the Bermuda Monetary Authority (BMA).

In its Bermuda Insurance Sector Operational Cyber Risk Management 2020 Report, the BMA advised insurers who trust third parties with data, or to deliver IT services, to “consider having contractual clauses in place to ensure their security requirements are met.”

It said information should be classified and protected in a manner commensurate with its sensitivity, value and criticality. “An asset inventory should be put in place, detailing all information assets,” the BMA said. “The information must be classified in terms of its value, legal requirements, sensitivity and criticality to the organisation.”

The BMA stressed the importance of managing cyber risk when engaging with third parties and supply chains, which it said is an important part of the risk management process, and called on senior management to take responsibility for cyber safety.

“The board of directors and senior management team must have oversight of cyber risks,” the BMA said. “The board of directors must approve a cyber risk policy document at least annually. The cyber risk may be covered in a standalone cyber risk policy document or as a section in a broader risk policy document.”

It said registrants must perform an assessment of their data loss prevention (DLP) control requirements to ensure controls are in place to prevent data leaving the enterprise in an unauthorised manner.

“Registrants must have patch management procedures that define the identification, categorisation and prioritisation of security patches,” it said. “Registrants must pay close attention to a vendor’s end-of-support date as patches may no longer be available after this date.”

The BMA vowed to continue monitoring cyber risk filing returns and the evolving cyber risk landscape, and to “keep consulting with the insurance sector in a proactive manner.”