  • Cyber risk control

    • Cyber Resilience

      • Cyber Security Framework

        With reference to Circular Number (381000091275) dated 28\08\1438 titled Cyber Security Framework “CSF” in the financial sector, and as part of the efforts of the Central Bank “SAMA” to enhance cyber security standards for financial institutions within the insurance sector, please be informed that the following financial institutions:

        • Insurance Brokerage Companies holding SAMA’s approval for electronic sales
        • Insurance Aggregators
        • Medical Claims Settlement Companies

        must adhere to and implement the CSF as follows:

        First: Conduct an in-depth and accurate assessment of the current status of cyber security at the financial institution. This should be compared against the requirements stated within the CSF to identify weaknesses and assess the level of maturity as described within the CSF under the definition of "Maturity Level".

        Second: Develop a business plan to meet all requirements of the third maturity level, as mentioned in the CSF, as a minimum.

        Third: Present the business plan to the board of directors/managers or general manager, for their review, approval and for seeking any further necessary support.

        Fourth: Send the approved business plan to SAMA within ninety working days of the date of publication of this Circular.

        Fifth: Provide SAMA with quarterly reports starting from the end of the first quarter of the year 2023 until full compliance with the CSF.

        Sixth: Fully comply with the requirements stated in the CSF within (18) months.

        Seventh: The Cyber Security Committee (or equivalent) of the financial institution must follow up on the implementation of the CSF to ensure that full support and resources are provided where necessary. It must also ensure timely escalation, to the competent authority, of obstacles and other related hindrances that may prevent complete implementation of the CSF.

        The business plan and quarterly reports are to be sent through mail.

        To be informed and complied with.