DORA and Cyber Resilience for Insurance Institutions

A practical course for professionals and executives in the insurance industry who need a structured and actionable understanding of the Digital Operational Resilience Act and its implications for insurers and insurance groups. The agenda follows the core DORA pillars, including ICT risk management, incident handling and reporting, digital operational resilience testing, ICT third party risk, and the EU oversight framework for critical ICT third party providers, while framing them in an insurance specific context. DORA applies across the financial sector, including insurance undertakings, and EIOPA provides sector specific supervisory framing for implementation.

What will you learn?

You will understand the main DORA requirements, terminology, interrelations, and obligations in a way that supports both leadership decisions and practical implementation in insurance institutions. You will connect the regulation to governance, ICT risk management, incident reporting, resilience testing, third party oversight, and the broader goal of building digital operational resilience. You will also examine practical implementation strategies, common challenges, and the role of leadership in building a cybersecurity culture that extends across the organization.

  • Understand the structure, terminology, and insurance relevant scope of DORA
  • Connect ICT risk management, incident handling, testing, and third party risk into one operating model
  • Evaluate implementation approaches, best practices, and governance choices for insurers
  • Strengthen leadership driven cybersecurity culture and organization wide resilience awareness

Requirements:

  • Suitable for professionals, managers, and executives in the insurance industry
  • Basic familiarity with compliance, risk, IT, operations, or cybersecurity is helpful
  • Interest in resilience, governance, outsourcing, and supervisory expectations

Course Outline*:

*We customize the course outline and content to your specific needs and relevant use cases.

Module 1: Introduction to DORA in the insurance sector

  • Basic definition, purpose, and strategic intent of DORA
  • Why digital operational resilience matters for insurers and insurance groups
  • Background of the regulation and expected implementation benefits
  • Core terminology and how DORA fits into the broader resilience discussion

Module 2: Scope, structure, and interrelations

  • Which insurance entities and related service relationships fall within scope
  • Overview of DORA’s structure and key obligation areas
  • Main objectives and how the requirements relate to one another
  • Interrelations with governance, operational resilience, and supervisory expectations

Module 3: Governance, accountability, and leadership

  • Management body responsibilities and internal accountability expectations
  • Leadership’s role in shaping resilience priorities and decision making
  • Building a cybersecurity culture that reaches beyond specialist teams
  • Aligning policies, committees, reporting lines, and ownership

Module 4: Integrating DORA into existing insurance structures

  • Embedding DORA into governance, risk, compliance, and information security structures
  • Mapping DORA requirements to existing control frameworks and operating models
  • Avoiding duplication by aligning resilience work with current processes
  • Identifying practical implementation entry points for insurers of different sizes

Module 5: ICT risk management under DORA

  • Core expectations for identifying, protecting, detecting, responding, and recovering
  • Connecting ICT risk management to business critical insurance processes
  • Structuring risk ownership, control selection, and escalation paths
  • Translating DORA language into practical internal operating measures

Module 6: Business continuity and operational stability

  • Cyberattack scenarios and operational disruption risks relevant to insurers
  • Impact of DORA on continuity planning, crisis structures, and recovery readiness
  • Building an effective BCM and disaster recovery approach
  • Practical recommendations for continuity, emergency management, and resilience alignment

Module 7: Cloud, outsourcing, and ICT dependencies

  • Fundamentals of cloud use in regulated insurance environments
  • Cloud security and resilience considerations in the DORA context
  • Managing external ICT dependencies with stronger ownership and oversight
  • Practical implications of outsourcing and concentration risk for insurers

Module 8: Incident management and reporting obligations

  • Detecting, classifying, escalating, and managing ICT related incidents
  • Internal reporting flows from detection to management visibility
  • Regulatory reporting expectations and common implementation issues
  • Improving consistency, timeliness, and decision usefulness in incident handling

Module 9: Digital operational resilience testing

  • Purpose and structure of resilience testing under DORA
  • Basic and more advanced testing approaches in an insurance context
  • Connecting test results to remediation, assurance, and management oversight
  • Organizing scope, evidence, and follow through in a proportionate way

Module 10: Third party risk and the EU oversight framework

  • ICT third party risk management expectations for insurance institutions
  • Identifying critical or important functions and related provider exposure
  • Contracting, monitoring, and exit thinking in a resilience context
  • EU oversight of critical ICT third party providers and what it means for insurers

Module 11: Implementation challenges, best practices, and change management

  • Common DORA implementation challenges across different types of insurance institutions
  • Practical sequencing across governance, controls, reporting, testing, and third party management
  • Success factors and best practices for sustainable implementation
  • Change management approaches that support adoption across the enterprise

Module 12: Long term operating model and resilience culture

  • Bringing governance, risk, incidents, testing, and third party oversight into one model
  • Making awareness and training part of resilience rather than a separate compliance task
  • Strengthening leadership visibility and enterprise wide ownership
  • Building a practical roadmap for ongoing DORA readiness and resilience maturity

Hands-on learning with expert instructors at your location for organizations.

4.347€*

  • Level: intermediate
  • Duration: 21 Hours (days: 3)
  • Training customized to your needs
  • Immersive hands-on experience in a dedicated setting

*Price can range depending on number of participants, change of outline, location etc.

Master new skills guided by experienced instructors from anywhere.

3.012€*

  • Level: intermediate
  • Duration: 21 Hours (days: 3)
  • Training customized to your needs
  • Reduced training costs

*Price can range depending on number of participants, change of outline, location etc.

Upcoming Sessions

  • 23-25 Jun 2026, Milan
  • 27-29 Aug 2026, Paris
  • 17-19 Nov 2026, Paris
  • 25-27 Nov 2026, Warsaw
  • 15-17 Dec 2026, Dublin

Can't find a suitable date? Get in touch and we'll arrange one that works for you.