Cyber Risk Insurance
SIO-9.6.56
A stablecoin issuer, based on the assessment of cyber security risk exposure and with an objective to mitigate cyber security risk, must evaluate and consider the option of availing cyber risk insurance. The evaluation process to determine suitability of cyber risk insurance as a risk mitigant must be undertaken on a yearly basis and be documented by the licensee.
Added: July 2025SIO-9.6.57
The cyber risk insurance policy, referred to in Paragraph SIO-9.6.56, may include some or all of the following types of coverage, depending on the risk assessment outcomes:
(a) Crisis management expenses, such as costs of notifying affected parties, costs of forensic investigation, costs incurred to determine the existence or cause of a breach, regulatory compliance costs, costs of analysing the licensee’s legal response obligations;(b) Claim expenses such as costs of defending lawsuits, judgments and settlements, and costs of responding to regulatory investigations;(c) Coverage for a variety of torts, including invasion of privacy or copyright infringement; and(d) Coverages relating to loss of revenue due to interruption of data systems resulting from a cyber or denial of service attack and other costs associated with the loss of data collected by the licensee.Added: July 2025
