Cyber threats a ‘big focus’ for insurance industry: Superintendent of financial institutions

Reinsurance companies must pay “significant attention” to ongoing cyber threats, suggests Julie Dickson, the federal government’s superintendent of financial institutions.

“The reinsurance industry, like many others, faces ongoing cyber threats, including challenges with data administration and other technology issues,” according to a copy of a speech Dickson was scheduled to give Tuesday at the 58th Annual Canadian Reinsurance Conference in Toronto.

“This has become a big focus for banks, as well as insurers, and significant attention must be paid to it.”

Dickson’s speech referred to the Cyber Security Self-Assessment Guidance, which the Office of the Superintendent of Financial Services (OSFI) released Oct. 28.

“It has proven to be a valuable tool for institutions to self-assess their own cyber risk and preparedness and has resulted in productive discussions between institutions and OSFI,” she said of the template, which OSFI is recommending federally regulated financial institutions use.

“OSFI does not currently plan to establish specific guidance for the control and management of cyber risk,” the regulator stated at the time it published the self assessment. OSFI stated last October that the template “sets out desirable properties and characteristics of cyber security practices that could be considered by a FRFI when assessing the adequacy of its cyber security framework and when planning enhancements to its framework.”

For example, it asks insurers whether they conduct “regular penetration testing” of their computer network boundaries. They are also asked whether they use current versions of tools such as intrusion detection or intrusion prevention systems, firewall, anti-virus and protection against distributed denial of service attacks.

The template also asks financial institutions if they “tightly” control and manage their “use of administrative privileges.”

Cyber risk is ever-involving, according to Dickson’s remarks for the reinsurance conference.

“Adequately addressing and mitigating these risks requires an active and dynamic approach that many institutions have already adopted or are planning to in the near future.”

Another topic she was scheduled to raise at the reinsurance conference was international standards for regulation.

“We do not automatically set higher standards than what are agreed upon internationally,” she said of OSFI. “We are not ideological when it comes to regulation. Our philosophy is to look at the international standards, and then make up our own mind about whether they are appropriate or need to be strengthened in Canada.”