Search
Close this search box.

Cristie Data – Solving DORA Operational Resilience challenges for the Insurance Sector.

Share This Post

Solving DORA Operational Resilience challenges for the Insurance Sector.

Cristie Data work with many financial sector organizations to deliver data and cyber security solutions which address the operational resilience challenges of the Digital Operational Resilience Act (DORA). Although major financial institutions have received the most rigorous attention, other financial entities such as insurance companies fall within the scope of DORA directives. Efficient system recovery and cyber resilience are fundamental to achieving operational resilience for critical insurance services. In the following sections we will cover some key challenges that our professional services teams have solved for financial institutions and how they transpose to companies operating in the insurance sector.

What are the impacts of DORA on the Insurance Sector?

In addition to major financial institutions, DORA also covers insurers, intermediaries, and critical data service providers, recognizing their important roles in protecting the financial interests of consumers and businesses. Under DORA, insurers and intermediaries must assess their potential risk exposures and understand how disruptive incidents could impact their operational capabilities. DORA will have several impacts on the insurance sector. Firstly, it will require insurance companies to assess and manage risks in their digital infrastructure systematically and comprehensively. This means gaining a full understanding of ICT risks and how they relate to system architecture. By doing so, entities can develop tailored risk management and system recovery strategies based on their specific service risk profiles. Additionally, DORA will necessitate clear plans to manage disruptions and outages in digital infrastructure. This includes establishing incident management protocols and guidelines with strategies to restore systems within acceptable timeframes after any disruption. Effective communication plans, both internally and externally, for informing customers and stakeholders, are also crucial to service recovery planning.

Digitalization and operational resilience in the insurance sector, two potentially opposing forces.

The insurance industry is currently going through a significant transformation as it embraces digitalization. This shift aims to take advantage of the benefits of optimization, speed, and improved service quality. At the same time, insurance companies are digitizing their customer interfaces to meet customer expectations and demands. This transformation is also accompanied by the entry of InsurTech companies, which challenge traditional business models with their advanced technology. While digitalization brings clear advantages, it also exposes insurance firms to potential cyber-attacks. To prevent service disruptions and maintain customer trust, it is crucial for insurance companies to establish strong operational and cyber resilience. Additionally, these companies need to develop a stringent security and system recovery testing framework to protect information security. This framework should assess the security implications of new and existing products and services.

What are some of the common system recovery challenges for insurance firms?

Insurance systems involve complex interdependent server and storage configurations that are built with redundancy to provide the utmost resilience. Typically, a service infrastructure will consist of a combination of physical and virtual machines. The deployment, maintenance, and protection of these systems presents specific challenges due to scale. For instance, a single service may be supported by hundreds or perhaps thousands of server instances across multiple geographies for many insurance firms. The recovery of physical machines often presents additional challenges over virtual counterparts due to the need for manual intervention in the recovery process. There are also many interdependencies between systems which require a tiered recovery process to ensure that systems are restored in the correct sequence. For instance, active directory (AD) is typically the primary service required as it contains critical information regarding the environment, including users, servers, and associated permissions and privileges.

How can Cristie Data help insurance companies with system recovery and cyber resilience?

Scenario planning, regular stress testing, and system recovery exercises are mandated under DORA. These simulations help insurers and intermediaries gauge their resilience to various operational disruptions and therefore fine-tune their response strategies accordingly. Cristie Data can provide system recovery solutions designed for automated large scale system recovery orchestration for both physical and virtual machines with the ability to undertake detailed system recovery simulations to assist with DORA compliance. Our partnerships with leading cyber and data security technology vendors enables us to help insurance companies mitigate cyber risks before, during and after incidents. Cristie’s system recovery software can create fully functional copies of production systems within an isolated sandbox environment in minutes without the need for additional infrastructure. These sandboxes are easily accessible for multi-disciplinary teams to optimize workflows, validate change management procedures, and collect evidence of cybersecurity capabilities or weaknesses.

What are the goals of DORA for the insurance sector and where can you find the most recent information?

The European Commission has proposed the Digital Operational Resilience Act (DORA) to enhance the operational resilience of the financial sector in the European Union. DORA aims to establish standardized regulations for managing Information and Communication Technology (ICT) within the industry. This includes governance, risk management, incident reporting, security testing, and oversight of third-party risk management. The main goal of DORA is to ensure operational resilience by effectively addressing cyber-attacks and managing risks associated with third-party entities. DORA was adopted in December 2022 and is scheduled to enter into force on January 17, 2025. The three European Supervisory Authorities (EBA, EIOPA and ESMA – the ESAs) published the first set of final draft technical standards under DORA on 17 January 2024.

Insurance companies need to be READY soon.

By January 2025, DORA requires firms within its scope to fully adhere to the new regulations. Consequently, the initial step is to obtain a comprehensive understanding of the provisions outlined in DORA and how they are applicable to your organization. Insurers and intermediaries need to conduct a thorough assessment of their impact tolerance to assess the potential consequences of operational disruptions. This process involves analyzing critical services, recovery capabilities, and the resources needed to minimize any adverse impacts. Organizations should then develop robust plans for incident response and crisis management, incorporating insights gained from scenario planning exercises. Regular testing and updates of these plans will ensure that procedures remain effective and up to date.

Summary

System recovery at scale presents several challenges for insurance firms with physical systems often lacking the automation features that are taken for granted within virtual environments. Cristie recovery solutions can help overcome these limitations while providing complete flexibility to restore to and from any platform environment. Contact our team to learn more about simplifying key aspects of infrastructure recovery and cyber resilience to meet the requirements of DORA operational resilience legislation.

Cristie Data GmbH: Your Partner for HPC Data Backup & Archive

Cristie Data GmbH: Your Partner for HPC Data Backup & Archive The High-Performance Computing (HPC) sector generates unprecedented amounts of data critical to scientific research, engineering simulations, and cutting-edge technological development. This data is as vast as it is valuable, and effective backup and archiving strategies are not just an

The IBM TS1170: A Game-Changer for HPC Data Storage

The IBM TS1170: A Game-Changer for HPC Data Storage In 2023, IBM and Fujifilm made a significant breakthrough in data storage technology with the release of the IBM TS1170 tape drive and its compatible 3592 JF tape cartridges. This innovation offers game-changing advantages for High-Performance Computing (HPC) users, addressing the

Have you heard of CO2 neutral data protection?

Have you heard of CO2 neutral data protection? Data centers consume vast amounts of electricity for servers, cooling, and infrastructure, with most receiving their power from traditional sources such as nuclear, coal or gas. This is not just old-fashioned; it also emits a huge amount of CO2 which causes climate

The Cybersecurity Crisis in Healthcare: Germany Under Attack

The Cybersecurity Crisis in Healthcare: Germany Under Attack The healthcare sector has become a prime target for cybercriminals in recent years. The sensitive nature of health data, often coupled with outdated legacy systems and limited cybersecurity budgets, makes healthcare institutions vulnerable targets. Germany has seen a surge in cyberattacks targeting

Outsourcing Cybersecurity: Why Companies Are Turning to the Experts

Outsourcing Cybersecurity: Why Companies Are Turning to the Experts In today’s rapidly evolving digital landscape, cybersecurity stands as one of the most critical and complex challenges organizations of all sizes face. The growing sophistication of cyberattacks, the ever-present risk of data breaches, and increasingly stringent compliance regulations place tremendous pressure

Is your “cold data” burning a hole in your pocket and the environment?

Is your “cold data” burning a hole in your pocket and the environment? This week we caught up with our CTO Christof Gedig who had just returned from a visit to our windfarm data center facilities in partnership with windCORES and undertook a short Q&A session regarding the environmental and

SiteLock

Save the Data - Event Registrierung

Thank you for your registration!






Participation subject to availability.

Schauen Sie sich das DORA Video an

Thank you for submiting your email address. Press the button below to download the pdf.

Watch the Spectra Tape Video

Thank you for submiting your email address. Press the button below to download the pdf.

Schauen Sie sich das NIS2 Directive Video an

Thank you for submiting your email address. Press the button below to download the pdf.

Save the Data - Event Registrierung

Thank you for your registration!






Teilnahme nach Verfügbarkeit.

Arctic Wolf - Security Breakfast

Thank you for your registration!





Teilnahme nach Verfügbarkeit.

Arctic Wolf - Security Breakfast Event

Thank you for your registration!





Participation subject to availability.

eBook: Transform Your Business with Mature Data Management

Thank you for submiting your email address. Press the button below to download the pdf.

Understanding LTO-9 Tape Technology – Whitepaper

Thank you for submiting your email address. Press the button below to download the pdf.

Understanding LTO-9 Tape Technology – Whitepaper

Thank you for submiting your email address. Press the button below to download the pdf.

Contact Info

Nordring 53-55, 63843 Niedernberg,
An der Burg 6, 33154 Salzkotten,
Germany

Monatliches Angebot für Cloud-Schutz anfordern

Thank you for your registration!

Wählen Sie mehrere aus, indem Sie beim Auswählen die Taste strg oder cmd drücken.

*Sie können die Anzahl der zugewiesenen Lizenzen in Microsoft 365 ermitteln, indem Sie zur Seite Microsoft 365 Admin center > Billing > Licenses navigieren.

** Die folgenden Abonnements werden von Cristie Cloud Backup für Google Workspace nicht berechnet:
Google Voice Starter (SKU ID: 1010330003)
Google Voice Standard (SKU ID: 1010330004)
Google Voice Premier (SKU ID: 1010330002)

Auf dem Weg zur intelligenten Welt – Whitepaper

Da neue Technologien wie 5G, IoT, Cloud Computing und Big Data in der digitalen Transformation eingesetzt werden, bewegt sich die IT-Architektur von Unternehmen in Richtung eines hybriden Frameworks aus „traditioneller IT + privater Cloud + öffentlicher Cloud + Edge“.

Thank you for submiting your email address. Press the button below to download the pdf.

Striding Towards the Intelligent World – White Paper

As new technologies, such as 5G, IoT, cloud computing, and big data, are being applied in digital transformation, enterprise IT architecture is moving towards a hybrid framework of “traditional IT + private cloud + public cloud + edge”. This report provides an in-depth outlook on the development of the data storage industry.

Thank you for submiting your email address. Press the button below to download the pdf.

Zero Trust Data Security for Dummies

Thank you for submiting your email address. Press the button below to download the pdf.