For all insurers within the Lloyd’s London market the last year has brought about great change. One of the greatest changes has been the shift to digital engagement as the old ways of working with face-to-face meetings, paperwork and handshakes were no longer possible.
This acceleration in tech trends also reflected the market’s own attempts to ensure that it was moving in the right direction in terms of technology adoption. Blueprint Two, released in November 2020, is the marketplace’s transformation programme and is all about implementation and delivery of new ways of working within the market.
Keeping secure in a digital world – Minimum Standards and Requirements
This move to digital has been a real positive for the sector, as companies saw first-hand the real improvements and efficiencies that moving to a new way of working can have. Like any change in a work environment though, companies have to ensure that it is sustainable and safe. The market’s efforts to ensure quality and safety across all aspects of business resulted in the Lloyd’s Minimum Standards and Requirements. The Minimum Standards are statements of the business conduct required by Lloyds and the Requirements represent the minimum level of performance required of any organisations within the market.
Within this guidance, cyber resilience and data management has become a key factor. The annual reviews are designed to see where companies sit in a traffic light system as well as identifying what factors stand in their way of getting to ‘green’.
The increase in digital connectivity between insurance companies and customers and partners means that MS 11 Cyber Resilience and Data Management should be one that all companies within the market are looking to ensure adherence too. Not just so they reach ‘green’ but also to ensure that protection of the often-sensitive data they hold.
Board level accountability
As we have seen over the past year or so there have been a number of high profile cyber-criminal hacks on firms that have resulted in the loss of large amounts of data, reputational damage and increased regulatory pressure. The insurance sector itself is increasingly targeted by cyber-criminals because of the potentially valuable data held by firms.
With the potential damage so costly for companies and the sector as a whole, Lloyd’s Minimum Standards is very clear where accountability sits within each organisation. Throughout the Standards, Board level accountability is emphasised; this is not just a problem for the IT team or security team, but one for the entire company with ultimate responsibility lying with the Board.
Evaluating third-party risk
Throughout 2020 and into 2021 the high-profile hacks have often originated not in a fault within the victim’s own internal systems, but in one of their partners. It is a route that cyber-criminals are increasingly using to gain access to their ultimate goal. It is therefore crucial that the Board, IT team and all in the company have a thorough understanding, not just of their own security and possible vulnerabilities, but those of their partners as well.
Any company that links to yours digitally, has the capability of letting criminals into your infrastructure and data. Although many companies have done some work on data protection, mainly due to the introduction of GDPR, most are still not in a position to be confident in their ability to hold off criminal cyber-attacks, no matter from where it originates.
Some companies are turning to risk management frameworks and automated, centralised risk assessment solutions, that enable organisations to manage their own cyber-risk as well as ensuring that their suppliers and third-party partners meet their adherence obligations. By getting a 360° view of your potential vulnerabilities, companies can easily see the gaps, both in their own and in suppliers and partner’s security, enabling them close them quickly.
The move to digital connectivity has been a real positive in a year of challenges for the Lloyds market. However, in such a regulated sector and with the Lloyd’s Minimum Standards becoming increasingly important, companies must look at their own and their partners’ cyber-security to ensure that the data they hold is secure.
If you are interested in learning more about how you can meet Lloyd’s Minimum Standards for Cyber Third-Party Management, please click on the link below to see a recording of the webinar that was held on the 17th March 2021.