SECP Issue Cybersecurity Framework Guidelines For Insurance Companies

SECP have issued cybersecurity framework guidelines that have been sent to insurance companies to make sure cybercriminals do not have a chance to steal a customer’s private information

The Securities and Exchange Commission of Pakistan (SECP) has recently published and issued their guidelines on the cybersecurity framework for the insurance sector.

These guidelines provide the basic idea and principles as to how companies can make  information technology systems of insurance companies and how to ensure that their partners can remain secure. SECP highlighted that cyber risk is currently an evolving challenge for the insurance sector due to the increased interconnectedness between various other sectors. With an increased use of technology in the insurance sector, with regards to its distribution and innovation in products through technology, it has become prone to the risk of information being leaked or stolen. Hence, it is necessary for the industry to take adequate measures in their information technology systems, and of its partners and intermediaries.

The SECP has given special attention to work on regulatory measures for threat reduction, vulnerability reduction, deterrence, and other cybersecurity measures. As insurance companies gather, store, and maintain large pools of confidential personal and organizational information, cybercriminals do have a chance to steal this information. This is specially the case as these companies now deal with business process outsourcing (BPO), technology-based agency arrangements and strategic partnerships for offering technology-based innovative insurance products and services. These guidelines will apply to all insurers, which includes takaful operators registered under the Insurance Ordinance 2000. These guidelines will also become effective from July 1, 2020.

The SECP guidelines focus on the matter of formulation of a sound cybersecurity framework that can be used to prepare for, detect and present any possible cyber-attacks. One of these measures include the appointment of Chief Information Security Officer and obtaining cyber risk insurance through an efficient cybersecurity systems. One of the main objectives of these guidelines is to improve the privacy of this information and that will give more credibility to the insurance company and sector.

The cybersecurity guidelines will aid in improving the privacy and confidentiality of the information stored and handled by insurers and will ultimately contribute to enhancing the policyholders’ confidence in the insurance sector. Interested readers can see all the guidelines through this link.