GFIA has published its response to an International Association of Insurance Associations (IAIS) consultation on its application paper on the supervision of insurer cyber-security.
While countries have different approaches to privacy and cyber-security risks, GFIA believes that harmonisation and coordination among international governing bodies is — to the extent possible — important.
Introducing potentially restrictive measures could limit the ability of insurers and supervisors to innovate in the face of rapidly changing cyber threats. In turn, such inflexible supervision could rapidly become obsolete and introduce vulnerabilities.
It is also inappropriate to regulate through or prescribe/proscribe particular technologies, given the speed of technological developments. Outcome-focused guidance would therefore be more suitable.
GFIA also believes that elements of proportionality and risk-based approaches should be given more prominence, particularly in relation to the specific measures outlined in the application paper.