The International Association of Insurance Supervisors (IAIS) has issued for consultation a draft application paper on the supervision of insurer cyber security.

The draft application paper provides insurance supervisors with guidance for updating their regulatory regimes and supervisory practices, as they apply to cyber security.

The paper takes as its starting point the October 2016 G7 fundamental elements of cyber security (G7FE). These elements include:

  • establishing and maintaining a cyber security strategy and framework;
  • responding to cyber incidents in a timely manner; and
  • regularly reviewing the strategy and framework.

For each element, the IAIS draft paper:

  • maps that element to individual insurance core principles (ICPs);
  • provides recommendations for supervisors;
  • gives examples of current practice; and
  • assesses the desirable outcomes for that element.

The draft application paper can be viewed here

The deadline for comments on the draft paper is 13 August 2018.