Executive Director, Sherman Taylor and Partner, Louise Charleson discuss the impact of
Bermuda’s new cyber risk code of conduct. *
Bermuda has introduced the Operational Cyber Risk Management
Code of Conduct (Code) which applies to all Bermuda registered
insurers, insurance managers, and insurance intermediaries in the
jurisdiction. The Code became effective on 1 January 2021 and full
compliance is required by 31 December 2021.
The introduction of the Code is welcomed. It comes at a time
when high profile cyber incidents are becoming more prevalent,
heightening risks of severe financial losses and reputational
damage, and causing data integrity concerns for insurers and their
clients. The new regulations represent a codification of best
practices that have organically developed within Bermuda’s
insurance industry over the years. As such, many insurers that
already have robust IT policies and systems in place may not find
compliance with the Code to be excessively onerous.
As with most insurance regulations, Bermuda is not adopting a
‘one-size-fits-all’ approach. Cyber risk controls are
expected to be proportional to the nature, scale and complexity of
the…
