Last Friday, the Hong Kong Insurance Authority published its Guideline on Cybersecurity (GL 20) for authorised insurers. GL 20 will take effect on 1 January 2020.
Cybersecurity is a global regulatory focus and a top priority area for the Insurance Authority, given the growing exposure to cyber risk as a result of increased digital connectivity.
Application
GL 20 applies to all authorised insurers (except for captive insurers and marine mutual insurers) in relation to the insurance business that they carry on in or from Hong Kong.
Objectives
GL 20 sets the minimum standards for cybersecurity that authorised insurers are expected to have in place, and the guiding principles which the Insurance Authority uses in assessing the effectiveness of insurers’ cybersecurity frameworks.
The guideline requires insurers to put in place resilient cybersecurity frameworks to protect their business data and the personal data of their existing or potential policyholders, and to ensure continuity of their business operations.
Key areas of focus
The guideline covers the following key areas:
- Cybersecurity strategy and framework – This should be endorsed by the board of the authorised insurer,…
