Will Canada’s cyber reporting be harmonized?

By Alyssa DiSabatino | September 30, 2022 | Last updated on October 30, 2024
2 min read
Magnifying glass over a key on a laptop keyboard which has a law scale symbol on it
iStock.com/alexsl

The Insurance Bureau of Canada would like to see a harmonization in Canada on cyber reporting, says Celyeste Power, IBC’s executive vice president of strategic initiatives and advocacy during a Canadian Underwriter webinar.

“A lot of regulators around the world are doing cyber reporting, [that is], how insurers need to report on cyber and take steps afterward,” says Power. “Of course, it’s incredibly important and we want to make sure that our consumer data and information is extremely secure.

“But one thing we are calling for, at least in Canada, is some harmonization of that,” Power says. “And in the event of these unfortunate attacks, we want to make sure that we’re focusing our time and attention on the consumer, on protecting data, and not as much on bureaucracy.”

Harmonization in Canada and, if possible, globally, would go a long way in helping the industry, Power suggests.

For governments or regulators who want to get involved in the cyber market, “I do think that there are issues of access to good data that can be used where governments can potentially partner with the industry,” says Stephen Simchak, vice president, head of international and counsel at American Property & Casualty Insurance Association.

But governments and regulators need to be “judicious” in how they engage with the industry’s cyber market, he adds, as the product is new and evolving.

“The standards that are developed at the international level do inevitably bleed down into the national level,” Simchak says. For example, the International Association of Insurance Supervisors has an operational resilience task force, which is developing supervisory materials on insurers’ own cybersecurity, including IT third-party outsourcing and business continuity management.

“They’re going to come out with some standards or recommendations for the national authorities, for [The Office of the Superintendent of Financial Institutions]. So, I think the industry should be aware of that,” Simchak says. “We’re of the view that there is not a financial stability risk from cyber underwriting, but these discussions are happening at the international level.

“But to the extent possible, [regulators should] really let these markets grow, let the products evolve, [and] don’t try to intervene in the development of the products themselves.”

 

Feature image by iStock.com/alexsl

Alyssa DiSabatino