Pakistan: SECP issues cybersecurity framework guidelines for insurance sector
The Securities and Exchange Commission of Pakistan ('SECP') issued, on 17 March 2020, Guidelines on Cybersecurity Framework for the Insurance Sector, 2020 ('the Guidelines'), which aim to improve the privacy and confidentiality of information stored and handled by insurers. In particular, the Guidelines recommend insurers to, among other things, appoint a chief information security officer ('CISO') responsible for implementing the overall cybersecurity framework within the organisation, conduct annual cyber risk assessments and submit the same to the SECP. In addition, the Guidelines outline the need to have in place adequate network and system security for the safeguarding of operating systems, software, and databases against cyber risks.
The Guidelines take effect from 1 July 2020.