Even though your contracts do not explicitly contain information security requirements, that should not prevent you from asking your reinsurers to demonstrate they have sufficient data security controls. Cybercrime and information security breaches have hit an all-time high. Any firm handling sensitive or confidential data should anticipate the need to evidence their data security controls.
The question is if your reinsurers won't provide the information because it isn't in their contract, or if there is a hesitancy to ask without the leverage of the contract? In either case, my advice is to put your request in writing and ask for a formal response in writing. If they decline to provide you with the information, consider your options for renegotiating or terminating the contract as soon as practical. Another option may be to ask for a signed attestation that meets your stated requirements (put them in writing).
I hope that is helpful, but I would love to hear from other members with reinsurer experience.