Brought to you by:

Code committee responds to 'influx' of significant breaches

The General Insurance Code Governance Committee (CGC) has today published a guidance note in response to an “influx of significant breach matters”.

As reported by earlier this month, a CGC inquiry already identified “a lax attitude” towards identifying breaches and called for improvement.

“The CGC’s inquiries revealed that subscribers are failing to correctly identify multiple breaches connected to the same underlying cause as a reportable significant breach, instead including them as standard breaches in their annual report of breach data,” today’s note says.

“Some subscribers have historically reported a disproportionally low number of significant breaches when compared to other subscribers of comparable size and market share.

“These findings point to a failure by subscribers to understand and interpret the definition of a ‘significant breach’ as set out in [the code] and to an unwillingness or unpreparedness to review breaches and their root causes for evidence of systemic failings and major problems.”

The guidance note is aimed at ensuring code subscribers identify significant breaches and report them in a timely manner.

“Given the potential negative impact on consumers, if you fail to identify, report or remediate significant breaches in an efficient and timely manner, you will be subject to sanctions under both the current and 2020 Code,” the committee warns.

To see the full guidance note, click here.