The Central Bank of Ireland (Central Bank) has recently issued a cyber security thematic review information request (Thematic Review) to several Irish life and non-life insurers under its supervision.
The Thematic Review aims to assess a range of cyber security controls, based on responses to a cyber security questionnaire. The Central Bank will continue conducting these Thematic Reviews into 2024 and intends to expand the original scope to include additional insurers across the sector.
The Thematic Review highlights the importance placed on cyber security at both a domestic and a European supervisory level. From a European perspective, the EIOPA Guidelines on Information and Communication Technology Security and Governance have been effective since 1 July 2021 and provide clarification on supervisory expectations concerning cyber security, ICT security and governance capabilities. Building on the existing European framework, the Digital Operational Resilience Act (DORA) will take full effect on 17 January 2025. DORA aims to improve operational resilience across EU financial services firms, including (re)insurers, enabling them to withstand ICT-related disruptions and threats,…