ISLAMABAD: The Pakistan Stock Exchange Commission (SECP) has issued guidelines to the insurance industry for protection against cyber attacks, saying the probability of cyber risk is now greater than ever because of the dependence increased technology for business operations and financial expansion. Technology.

The SECP guidelines, issued on Wednesday under SRO 31 (I) / 2019, warn that all life and non-life insurers, including family farmers and general takaful, are required to take out cyber risk insurance to cover their own insurance. cyber risks to mitigate losses a variety of cyber incidents, including data breaches, business interruptions and network damage.

The corporate sector regulator has asked insurers to submit the cyber security framework assessment reports no later than April 30 of each year to the SECP.

Operators are required to protect themselves against data breaches, business interruptions and network damage

The SECP stated that because insurers are major contributors to the domestic financial sector, interruptions to their insurance systems due to cyber security incidents can have far-reaching consequences.

The SECP also asked insurance companies that computer risk insurance will protect insurers against claims arising from cyber attacks and that the insurer's cyber security framework should support and promote both its operational security and protection. data from the policyholders.

The SECP has also asked insurance companies to protect their network, including hardware, firmware and software components, integrity, information flow control, border protection and security. the separation of the network, if any.

The insurers' cybersecurity framework will be able to protect policyholder data as a result of increased dependence on BPO (business process outsourcing), agency features based on technology and other strategic partnerships to offer innovative insurance products and services based on technology, said SECP.

The SECP explained that cyber risk means "all risks associated with the use and transmission of electronic data, including technological tools such as the Internet and telecommunication networks".

The SRO stated that this risk also included physical damage that could be caused by cybersecurity incidents, fraud committed through misuse of data, any liability resulting from the storage of data, as well as availability, integrity and the confidentiality of electronic information, whether linked to individuals or companies. , or governments.

The SECP also explained that insurers collect, store and store large volumes of confidential personal and organizational information and that because of these data pools, insurers are potential targets for cyber criminals who are looking for information. information that can then be used for financial purposes. extortion, theft of identity or other illegal activities.

Insurance companies have been asked to appoint a senior information security officer (CISO), with the required qualifications and experience, who will be responsible for implementing the overall cybersecurity framework within the organization. organisation.

The CISO will be consulted for feedback on cyber risk and the cyber security strategy and framework needed to mitigate the inherent cyber risks.

Posted in Dawn, January 10, 2019