Mr. Speaker, I rise today to advise this Honourable House of the continued advancement of Bermuda’s national cybersecurity posture.
Cyber threats do not stand still, Mr Speaker, and neither can we. As the threat landscape evolves, so too must our understanding of the risks facing our digital infrastructure, our critical services, and our citizens.
Mr. Speaker, building on the foundations laid by the Bermuda Cybersecurity Strategy 2018-2022 and strengthened by the Cybersecurity Act 2024, the Government of Bermuda is now ready to take the next decisive step in evidence-based cybersecurity governance.
Mr. Speaker, I am pleased to announce the launch of Bermuda’s inaugural National Cybersecurity Risk Assessment (NCRA). This is a landmark initiative in keeping with the Government’s Digital Transformation Initiative. For the first time, Bermuda will conduct a structured, jurisdiction-wide assessment of our collective cybersecurity risks — delivered entirely in digital form.
Mr. Speaker, what is the National Cybersecurity Risk Assessment?
The NCRA is a formal survey instrument designed to gather structured cybersecurity risk intelligence from across Bermuda’s public and private sectors. The assessment will capture information on threats, vulnerabilities, current controls, and risk exposure across our organisations, including those operating within our Critical National Information Infrastructure (CNII).
Mr. Speaker, the results of the NCRA will directly inform the development of Bermuda’s updated National Cybersecurity Strategy, which the Government is targeting for release in the fourth quarter of this year. This means that for the first time, our national strategy will be built on current, locally-sourced risk intelligence — not assumptions. That is a significant advance in the maturity of our cybersecurity governance.
Mr. Speaker, this NCRA represents a first for Bermuda in another important respect. Previous exercises of this nature have relied on manual or paper-based processes. This assessment will be distributed and completed entirely online, enabling broader participation, faster data collection, and more reliable analysis.
The digital platform has been designed to ensure the secure delivery of responses. Respondents can complete the assessment with confidence that their submissions are handled in accordance with the Government of Bermuda’s security standards and the obligations set out under the Personal Information Protection Act 2016.
Mr. Speaker, the NCRA is intended to reach as much of the Bermuda cyber community as possible. We are calling on organisations and professionals across all sectors to participate, including:
- Government ministries, departments, and agencies;
- Critical National Information Infrastructure (CNII) entities and operators;
- Financial services, insurance, and reinsurance organisations;
- Telecommunications and technology providers;
- Healthcare, energy, and essential services operators; and
- Small and medium-sized enterprises with a digital footprint.
Mr. Speaker, the strength of this assessment depends on the breadth and quality of participation. I therefore, urge all relevant organisations across the Bermuda cyber community to engage seriously and respond fully.
The NCRA will be distributed by the National Cybersecurity Unit (NCU). Respondents will have a period of three months to complete the assessment from the date of distribution. This window has been set to allow sufficient time for thorough and considered responses, while maintaining the timeline necessary to support the development of the updated National Cybersecurity Strategy.
The NCRA will be administered on an annual basis going forward. This will enable the Government to track the evolution of Bermuda’s cybersecurity risk profile over time and ensure that our national strategy remains current and responsive to emerging threats.
Organisations wishing to participate, or requiring further information about the assessment process, are encouraged to contact the National Cybersecurity Unit directly. All queries should be directed to the NCU by email at cybersecurity@gov.bm.
Further details, including the secure link to complete the assessment, will be communicated to stakeholders upon distribution by the NCU.
Mr. Speaker, the National Cybersecurity Risk Assessment is not an end in itself. It is a critical input into a larger process: the development of an updated National Cybersecurity Strategy that is grounded in evidence, shaped by the real-world risk environment that Bermuda faces today.
This Government is committed to building a secure digital Bermuda — one where citizens, businesses, and institutions can operate with confidence in the safety and resilience of our digital environment. The Cybersecurity Act 2024 has given us the legislative framework. Our partnership with the International Telecommunications Union is strengthening our operational capabilities through the National Cybersecurity Incident Response Team. The NCRA now gives us the intelligence to make strategic decisions that are truly informed.
Mr. Speaker, I call upon all stakeholders across Bermuda’s cyber community to seize this opportunity to shape our national cybersecurity direction. Your participation matters and your insights are essential. Together, we will build a stronger, more robust digital Bermuda.
Thank you, Mr. Speaker.