INSURANCE
Digital Operational Resilience Act (DORA)
Legal perspective: navigating compliance and resilience

“Typically, the first step that insurance organisations and insurtech carriers have taken is to implement a gap analysis to identify what work is needed to reach compliance with DORA’s requirements,” says Breavington.
“Having identified their needs, insurers should also be taking a proactive approach to obtaining expert advice on the implementation of the new mandatory policies and procedures.” These can include:
• Technical analysis of their risk management framework;
• Implementation of an effective incident response management system;
• Threat-led penetration testing mechanisms;
• A full review of their contractual terms with their ICT third party service providers; and
• Effective information sharing mechanisms, to allow insurers and market players to collaborate with other carriers and cooperate with the authorities in the successful containment of cyber incidents.
“Along with obtaining expert advice, another key consideration is employee training on digital resilience,” he adds.
Training sessions such as pre-breach workshops, technical skills development and quality and safety training are key to:
• Evaluating the effectiveness of new systems;
• Reducing the risk of incidents within the organisation; and
• Ensuring successful management of the incident response process set in place by the organisations.
insurtechdigital.com