Dr. Suttiphol Taveechaikarn, the OIC Secretary-General identified that the rapid technology development was the opportunity and challenge of every industry, including the insurance industry. It needs fast adapt to be able to innovate and keep pace with technological change and customer demand. However, the risk of new threats occurring especially cybercrime or cyber threats that every sector needs carefully monitor, and the measure has to be taken to cope with technological change, in particular, the regulation of information technology risk management.  Cyber threat Evolving over time was becoming real and cannot be overlooked and resulted in widespread effects. Example case was data breach recently occurred in large commercial banks.

The Office has realized the new context of change happening in the digital age, affecting the insurance business whether on consumer behavior, economic fluctuation and advances in information technology.  Driving through the transition to the digital age, several positive and negative factors affecting the change in technology has been treated as an opportunity to develop new products, more convenient customer service channels.  However, more opening business opportunity, the risks associated with technology are also increasing.  The more technology companies apply for customer service such as through the Internet, online channels or application, the more important in security maintaining is needed to reduce the chance and damage from cyber attacks.

Driving through a digital transition and ready to deal with the cyber threats of the insurance industry, the Office of Insurance Commission’s multi-dimensional drives included rules and guidelines measure. It had the Proclamation of Electronics Means on Insurance Policy Issuance, Sales offer, Life insurance and Non-life insurance Remedy Claims, BE.2560 (2017) to support the electronic transactions of insurance companies, guidelines for the security and control of information technology risk management, and cyber threats (Cyber Security).  This would help insurance companies applying information technology properly to its governance and management with appropriated size, complexity, and effective control measures by self-issuant IT Risk Audit Manual.  In this connection, the Office together with Thai Life Assurance Association and Thai General Insurance Association jointly set up the TiCERT (Thai insurance Computer Emergency Response Team) as the center for coordination with insurance companies in responding to any case incident against the cyber threat to the insurance industry in a timely manner. Also, it collaborates with financial-relevant agencies to exchange information related to cybersecurity.    Recently, the Office has issued a letter of cooperation on surveillance of cyber threats to both insurance associations to be the precaution of the cyber threats prevalence to financial institutions and the insurance industry.   In responding to this, the insurance industry has been requested to coordinate in safeguard from cyber threats, keep its own staff and public informed of such threat, and keep the Office informed of any incident through the TiCERT’s channel (https://ticert.oic.or.th).

"Successful readiness for the insurance industry to encounter with new IT risks and the cyber threats needs all sectors of the insurance industry aware of this matter. It requires internal IT security measures to be implemented throughout the organization. It also needs to ensure to all stakeholders in having appropriate risk management and internal control systems”.   The secretary-general stressed.