18-11-2019

Position Paper: Auditing Cybersecurity within Insurance firms

The European Confederation of Institutes of Internal Auditing (ECIIA) released a report on Auditing Cybersecurity within Insurance firms.

Internal Audit plays a vital role in the provision of assurance regarding the efficiency and effectiveness of the key cybersecurity processes and controls in insurance and reinsurance undertakings. Key stakeholders such as Management and the Board rely on the work of Internal Audit in regard to cyber-related risks.

This position paper aims to set out the view from the ECIIA Insurance Committee and intends to provide guidance to Chief Audit Executives (CAEs) in the Insurance sector in regard to the audit of cybersecurity. Cyber risk is important, in light of the recent increase of cyberattacks and the new European Regulations: General Data Protection Regulation and the Network and Information Systems Directive in 2018.

The need for effective IT Cybersecurity controls has been highlighted by the European Insurance and Occupational Pensions Authority (EIOPA), saying that cyber risk is becoming a growing concern for institutions, individuals and also financial markets and is now at the top position of the list of global risks for businesses.

The Solvency II Directive encourages Own Risk Self-Assessment and the use of risk categories based on the specific characteristics of the undertakings and not just the Solvency II standard classification

The paper does not aim to provide a one size fits all solution for auditing Cybersecurity risks, but it provides a framework from which internal audit departments may build a multi-year long term approach to auditing cyber risks.

Naar publicatie
Terug naar het vaktechnische publicaties overzicht

IIA Nederland

088-0037100
iia@iia.nl
Burgemeester Stramanweg 105F
1101 AA Amsterdam
Contact opnemen

Audit Magazine

Audit Magazine

Lidmaatschap

IIA is dé toonaangevende beroepsorganisatie voor internal auditors. Een lidmaatschap laat u delen in de collectieve kennis van alle vakgenoten in de wereld.
Meer informatie