The Directive’s minimum harmonisation principle has resulted in a fragmented landscape for Europe’s insurers. In practice, this means that firms in three member states have been identified as operators of essential services and, as a result, some of them have been subjected to burdensome and costly requirements.
Insurance Europe has published its position on the review of the Security of Network and Information Systems (NIS2) Directive.
The financial sector-specific Digital Operational Resilience Act (DORA), which was proposed by the European Commission in September 2020, is an opportunity to address this. Concretely, cybersecurity rules for insurers should be covered only by the DORA. To achieve this, it is important to refine some aspects of the NIS2 Directive, as well as the relationship between it and the DORA. This will ensure legal certainty, while enabling insurers to contribute to enhancing the insurance sector’s cyber resilience.
Beyond their own cyber security, insurers, as providers of cyber insurance products, have a key role to play in increasing the cyber resilience of the EU. Access to cyber incident data reported under the NIS2 Directive would greatly help insurers provide cyber security solutions. Insurers are also calling for increased harmonisation of reporting information between countries under the NIS2 Directive, so as to promote a uniform and common understanding of cyber threats and incidents across the EU.
Insurance Europe
© InsuranceEurope