GFIA has today published its response to a consultation by the Financial Stability Board (FSB) on its report on effective practices for cyber incident response and recovery, which aims to provide a toolkit to assist financial institutions before, during and after a cyber incident.
GFIA warned that the toolkit is currently too focussed on the practices of large, global financial institutions and called for more proportionality to take account of the needs of smaller, less complex entities, such as SME and captive insurers.
GFIA also raised concerns that the toolkit would place obligations on an insurer’s board of directors that go beyond corporate governance expectations and corporate law requirements. GFIA therefore called for the toolkit to acknowledge the importance of appropriate liability protections for both senior management and the board.
GFIA called for greater sharing of data between agencies and jurisdictions. Such sharing is an important mitigation tool that prevents the spread of the same or similar cyber-attacks and allows companies to learn from and assess their own approach to cybersecurity in a risk-based manner. Similarly, sharing should involve reciprocal public/private arrangements.
Finally, GFIA invited the FSB to review the levels of cyber insurance in different jurisdictions.