RM-9.1.5

Past version: Effective from 01 Oct 2019 to 30 Sep 2021

The senior management of an insurance licensee must be responsible for the following activities:

(a) Creating an overall cyber risk management framework commensurate with the size, nature of activities and the risk profile of the licensee and formulating a cyber risk defense policy;
(b) Regularly measuring the effectiveness of the implementation of the risk management practices mentioned in RM-9.1.3 and ensuring that this is regularly reported to the Board;
(c) Ensuring that processes for identifying critical internal functions are in place and annually verified;
(d) Adequately overseeing the implementation of the cyber risk management framework;
(e) Implementing and consistently maintaining an integrated, corporate-wide, cyber risk management framework, including sufficient resource allocation;
(f) Monitoring the effectiveness of the cyber defense array and coordinating cyber defense activities with internal and external risk management entities;
(g) Receiving periodic reports from the relevant departments on the current situation with respect to cyber threats and cyber risk treatment; and
(h) Receiving periodic reports on all cyber incidents (internal and external) and analysis of their implications on the licensee.
Added: October 2019