Cyber threats present a continuous and growing risk, particularly with the increased use of technology in conducting insurance business activities. Advisors should review their current cybersecurity practices, implement measures to prevent cybersecurity incidents and be ready to respond to them should an incident occur. Advisors have a duty to safeguard clients' personal information and to determine the appropriate safeguards necessary to meet their duty. 

Cybersecurity refers to any practice that safeguards the confidentiality, integrity, and availability of business, employee, and customer data using computer systems. Breakdowns in these safeguards are referred to as incidents. Cyber threats may be the result of a human error, a system not working properly, or a deliberate and calculated intrusion such as a cyber-attack. 

Being proactive in implementing appropriate measures against cyber threats is key to preventing cyber incidents that could compromise or lead to the theft of client information and mitigating impacts on both Advisors and their clients.

To aid Advisors in understanding the risks and measures to be taken, the Canadian Insurance Services Regulatory Organizations (CISRO) issued a publication and tool on Cybersecurity Readiness to support Advisors in improving cybersecurity practices and safeguarding confidential client information. Some of the key measures noted in the publication include:

  • Understanding and complying with the business's policies and procedures on cybersecurity;
  • Reviewing cybersecurity practices and implementing appropriate measures to address or mitigate any identified risks; and
  • Establishing a cybersecurity incident response plan to protect client information (see ‘Elements to include in a Cyber Incident Response Plan,’ page 7 in the publication).

There is also a companion publication called Cybersecurity readiness when using generative artificial intelligence, which addresses the use of generative AI to create new content, such as emails, marketing materials or translation documents. This publication is intended to raise Advisor awareness of the importance of adapting their cybersecurity strategy to their use of generative AI. It also identifies practices for individuals and organizations to consider, including:

  • Reviewing and implementing policies and procedures regarding AI use and ensuring established practices are followed
  • Participating in training that helps you understand the various types of AI solutions and how to use them safely
  • Not sharing confidential information in public and open solutions

Advisors are encouraged to familiarize themselves with the practices outlined in CISRO’s publication to achieve and ensure cybersecurity readiness.

Remember, 
Good Business is Compliant and Compliance Matters!