Citadel Reinsurance approached us to conduct a Cyber Security Audit across their global operations, including the UK, US and Bermuda, and to draft a Cyber Security Risk Management Framework.
In addition, the Bermuda Monetary Authority (BMA) was in the consultation phase for the introduction of a new Cyber Risk Management Code of Conduct they planned to implement in 2021. Although the final text was not yet confirmed, we needed to be mindful of the likely content.
We met with key personnel to ensure we thoroughly understood their current structure, systems and policies. Then we scored these against the National Institute of Standards and Technology (NIST) Cyber Security Framework to highlight areas of concern and generate recommendations.
The company is geographically diverse, so some of our recommendations applied broadly, while others related only to individual entities.
Finally, we suggested a phased introduction: high-priority measures to improve security would be implemented promptly, while long-term plans would wait until the final text of the BMA Code of Conduct was confirmed.