Publication
The path to cyber resilience for insurers
Insurance Foresight
Global | Publication | april 2024
Insurance companies are uniquely at risk because they process significant amounts of personal information and sensitive insured information in their daily business. It is crucial for businesses in the insurance sector to be up to date and well-informed of the data protection and cybersecurity landscape across the jurisdictions in which they conduct business.
Regulators around the world are increasingly focused on cyber resilience. To stay in compliance and help avoid cybersecurity threats, companies in the insurance sector need to implement a multi-faceted strategy:
- Cybersecurity is an enterprise risk that requires effective communication of risks and cybersecurity education at the executive and board levels. Be thoughtful and purposeful when presenting on cybersecurity and resiliency to the executive team and board, such as developing an education curriculum for the entire year that maps to the company-specific risk topics covered at each presentation and ensuring that meaningful metrics are used to convey company performance and risk.
- Build systems that are resilient from a technical perspective, which involves being kept fully up to date to prevent unauthorized access. This requires a process where system patches are identified and applied comprehensively and monitored for issues.
- Prepare a coordinated cross-border response strategy, including communication with regulators and customers so that specific local requirements are accounted for and staff around the globe are aware of their roles. This is essential for global companies.
- Establish an effective risk-management framework for assessing and monitoring third-party vendors, particularly those that have access to the company’s data and network. Conduct a regulatory readiness assessment to become better prepared to respond to regulatory information and document requests when an incident occurs. Understanding what information and documents regulators are likely going to request helps companies identify current gaps in their programs, identify relevant stakeholders who are able to provide requested information quickly when the request comes, and develop a process for quickly responding to regulatory requests.
- Develop a crisis communications plan in advance. Going into a "lockdown mode" where information is not shared with all affected parties is often counterproductive. Considering and keeping up to date all impacted jurisdictions allow the company to deal with the implications in an efficient and effective manner.
Sign-up to download the full report
Recent publications
Publication
The 2025 Dutch tax plan: Impact on real estate sector
On 17 September 2024, the Dutch Ministry of Finance published its 2025 Tax Plan (Belastingplan 2024). The plan contains several proposals that affect the Dutch real estate sector.
Publication
The 2025 Dutch tax plan: Impact on businesses
Today, 17 September 2024, the Dutch Ministry of Finance published its 2025 Tax Plan (Belastingplan 2025). The plan contains several proposals that affect businesses operating in or with the Netherlands. Most provisions of the 2025 Tax Plan will enter into force on 1 January 2025 (unless otherwise indicated).
Subscribe and stay up to date with the latest legal news, information and events . . .