The ECIIA released a report on Auditing Cybersecurity within Insurance firms. It aims to set out the view from the ECIIA Insurance Committee and intends to provide guidance to Chief Audit Executives (CAEs) in the Insurance sector in regard to the audit of cybersecurity.
Internal Audit plays a vital role in the provision of assurance regarding the efficiency and effectiveness of the key cybersecurity processes and controls in insurance and reinsurance undertakings. Key stakeholders such as Management and the Board rely on the work of Internal Audit in regard to cyber-related risks.
Cyber risk is important in light of the recent increase in cyberattacks and the new European regulations: the General Data Protection Regulation and the Network and Information Systems Directive in 2018.
The need for effective IT cybersecurity controls has been highlighted by EIOPA, which says that cyber risk is a growing concern for institutions, individuals and financial markets, and is now at the top of the list of global risks for businesses.
The Solvency II Directive encourages Own Risk Self-Assessment and the use of risk categories based on the specific characteristics of the undertakings and not just the Solvency II standard classification.
Full press release on ECIIA
Full report "Auditing Cybersecurity within Insurance firms"