|
|
Internal Audit plays a vital role in the provision of assurance regarding the efficiency and effectiveness of the key cybersecurity processes and controls in insurance and reinsurance undertakings. Key stakeholders such as Management and the Board rely on the work of Internal Audit in regard to cyber-related risks.
Cyber risk is important, in light of the recent increase of cyberattacks and the new European Regulations: General Data Protection Regulation and the Network and Information Systems Directive in 2018.
The need for effective IT Cybersecurity controls has been highlighted by the EIOPA, saying that cyber risk is becoming a growing concern for institutions, individuals and also financial markets and is now at the top position of the list of global risks for businesses.
The Solvency II Directive encourages Own Risk Self-Assessment and the use of risk categories based on the specific characteristics of the undertakings and not just the Solvency II standard classification.
Full report "Auditing Cybersecurity within Insurance firms"