|
|
The Global Federation of Insurance Associations (GFIA), in its response to an International Association of Insurance Associations (IAIS) consultation on its application paper on the supervision of insurer cybersecurity, says that while countries have different approaches to privacy and cybersecurity risks, it believes that harmonisation and coordination among international governing bodies is, to the extent possible, important. But it warns: “It is also inappropriate to regulate through or prescribe/proscribe particular technologies. Technology development is fast moving and what is appropriate/inappropriate today may be obsolete tomorrow. More outcomes-focused guidance would be appropriate as a result.”
Limiting cyber intrusions and their consequences is a shared goal of the public and private sector, and through future collaboration, according to the GFIA, can help foster resilience and avoid potential unintended consequences from regulatory and standard-setting frameworks.
In its response, the GFIA says it “respectfully recommends that the elements of proportionality and risk-based approaches be more prominently reflected in the text, particularly before every list of specific measures outlined in the application paper”, adding: “[The] GFIA is of the view that this approach would reflect the IAIS’s intent, but it should be made abundantly clear that every measure in the paper is an example and not a recommended prescriptive mandate.”
Article on Commercial Risk (subscription required)