SECP Issues Guidelines on Cybersecurity Framework for Companies

The Securities and Exchange Commission of Pakistan (SECP) has issued guidelines on the cybersecurity framework for the insurance sector, providing principles to make the information technology systems of insurance companies and their partners secure and resilient.

In a statement, the commission noted that cyber risk presented an evolving challenge for the insurance sector due to growing interconnectedness.

The insurance sector’s increasing reliance on technology, in distribution and in offering other innovative products through the usage of technology, makes it imperative that adequate measures must be taken to make its information technology systems, and of its partners and intermediaries, secure and resilient.

This also makes it imperative to put regulatory measures in place for threat reduction, vulnerability reduction, deterrence, and other cybersecurity measures.

Insurance companies gather, store, and maintain substantial volumes of confidential personal and organizational information. Because of these data reservoirs, insurers may become potential targets for cybercriminals.

These guidelines will apply to all insurers, including takaful operators registered under the Insurance Ordinance 2000. These will become effective from July 1, 2020.

SECP guidelines provide a principle for the formulation of a sound cybersecurity framework to anticipate, withstand, detect, prevent and respond to any possible cyber-attacks. The suggested measures include the appointment of Chief Information Security Officer and obtaining cyber risk insurance another deployment of other adequate cybersecurity systems.

The cybersecurity guidelines will aid in improving the privacy and confidentiality of the information stored and handled by insurers and will ultimately contribute to enhancing the policyholders’ confidence in the insurance sector.

The insurer’s cybersecurity framework should be able to protect the policyholder data in the wake of enhanced reliance on business process outsourcing (BPO), technology-based agency arrangements and other strategic partnerships for offering technology-based innovative insurance products and services.

You can read all the guidelines here.