Following the growing number of cyber-attacks that local corporations have received during the past couple of years, the experience in other jurisdictions and recommendations from IAIS (International Association of Insurance Supervisors) the Chilean insurance regulatory authority (Comisión para el Mercado Financiero - CMF) has recently approved a new regulation that instructs insurance and reinsurance companies regarding operational and cyber security risks.

In this sense, considering the constant evolution of cyber-related risks and the extent that such a threat may present for the Chilean insurance –and financial-  sector, the norm puts in place the eight fundamental elements established by the G7 Fundamental Elements of Cyber Security for the Financial Sector   and demands their compliance by insurance companies.

Relevantly, the new norm –effective from 30th September 2021- states obligations for Insurers to: i) inform the CMF about an operational incident within no more than 30 minutes since the company took knowledge of its occurrence; ii) inform to clients or users promptly when the incident affects the quality or continuity of the Insurers’ services, having to update on available information until the incident is overcome and; iii) inform the industry. Cyber-related incidents will have to be shared with the rest of the industry in order to prevent about potential threats, allowing early detection, response and recovery and ultimately diminishing negative impacts to spread in the system. 

In all, this should be considered as a step forward in the development of cyber risk products in Chile, as local companies will know first-hand  the complexities and challenges that these bring.