The International Association of Insurance Supervisors (IAIS), a voluntary membership organisation of insurance supervisors and regulators from more than 200 jurisdictions in nearly 140 countries, has stated that insurers face potential loss of confidential data, disruption of operations and reputational loss as a result of cyber risks.
In its new consultation paper on cyber risk, the IAIS stated:
“The insurance sector is vulnerable to cyber incidents; insurers collect, process, and store substantial volumes of data, including personally identifiable information”.
“Insurers are connected to other financial institutions through multiple channels, including investment, capital raising, and debt issuance activities”.
“Insurers execute mergers and acquisitions and other changes in corporate structure that may affect cybersecurity”.
“Insurers outsource a variety of services, which may increase exposure to cyber risk.”
The report highlights examples of cybersecurity weaknesses in the insurance sector. It also acknowledges that supervisors are addressing cyber risk through appropriate regulation and supervisory processes including:
- The security of private information held by insurers and intermediaries;
- Financial crime undertaken through cyber means; and
- Business continuity and disaster recovery planning for individual insurers and intermediaries and potentially, for the insurance sector as a whole.
In addition, the requirements for the conduct of insurance business include provisions relating to privacy protection under which insurers and intermediaries are allowed to collect, hold, use, or communicate personal information of customers to third parties.
BRG will shortly be releasing the results of its Cybersecurity Preparedness Benchmark Study. If you would like to discuss our findings, please contact: Tony Moroney (BRG, EMEA) or Faisal Amin (BRG, USA).
The views and opinions expressed in this article are those of the authors and do not necessarily reflect the opinions, position, or policy of Berkeley Research Group, LLC or its other employees and affiliates.