Insights

Asking the better questions that unlock new answers to the working world's most complex issues.

Explore

Spotlight

AI insights

CEO agenda

CFO agenda

EY Center for board matters

Case studies

Operations leaders

Technology leaders

Services

EY helps clients create long-term value for all stakeholders. Enabled by data and technology, our services and solutions provide trust through assurance and help clients transform, grow and operate.

Explore

Spotlight

EY.ai - A unifying platform

Strategy, transaction and transformation consulting

Technology transformation

Tax function operations

Climate change and sustainability services

EY Ecosystems

EY Nexus: business transformation platform

Industries

Discover how EY insights and services are helping to reframe the future of your industry.

Explore

Case studies

Consulting

How Mojo Fertility is helping more men conceive

26 Sep 2023Lisa Lindström

Strategy and Transactions

How a cosmetics giant’s transformation strategy is unlocking value

13 Sep 2023Nobuko Kobayashi

Technology

How a global biopharma became a leader in ethical AI

15 Aug 2023Catriona Campbell

Careers

We bring together extraordinary people, like you, to build a better working world.

Explore

Spotlight

Experienced professionals

EY-Parthenon careers

Student and entry level (Mainland China)

Student and entry level (Hong Kong SAR, Macau SAR)

Talent community

About us

At EY, our purpose is building a better working world. The insights and services we provide help to create long-term value for clients, people and society, and to build trust in the capital markets.

Explore

Spotlight

EY reports global revenue of US$51.2b for fiscal year 2024

16 Oct 2024Rachel Lloyd

Empowering tomorrow’s leaders: EY announces collaboration with Women in Cloud for women’s leadership and development

10 Jul 2024Renny Popoola

EY announces acceleration of client AI Business Model adoption with NVIDIA AI

19 Mar 2024Barbara Dimajo

See all results for ' '

No results have been found

Trending

Select your location

Local sites

Bosnia-HerzegovinaEnglish

BotswanaEnglish

BrazilEnglish

Brazilportuguês

British Virgin IslandsEnglish

Cayman IslandsEnglish

Central AmericaEnglish

Dominican RepublicEnglish

ChadEnglish

Channel IslandsEnglish

Chileespañol

Central Americaespañol

Dominican Republicespañol

Czech RepublicEnglish

Czech Republicčeština

Democratic Republic of the CongoEnglish

Equatorial GuineaEnglish

Francophone AfricaEnglish

Kyrgyz RepublicEnglish

Middle East and North AfricaEnglish

NetherlandsNederlands

New ZealandEnglish

NigeriaEnglish

North MacedoniaEnglish

Palestinian AuthorityEnglish

Papua New GuineaEnglish

Slovak RepublicEnglish

Slovak Republicslovenčina

Trinidad and TobagoEnglish

TunisiaEnglish

Tunisiafrançais

Türkiye (Turkey)English

Türkiye (Turkey)Türkçe

UgandaEnglish

UkraineEnglish

Ukraineукраїнська

United Arab EmiratesEnglish

United KingdomEnglish

Revision of Hong Kong Insurance Authority Guideline on Cybersecurity (GL20)

Authors

Jeremy Pizzala

EY Asia-Pacific Cybersecurity Consulting Leader
Dr. Alan Lee

Partner, Financial Services, Cybersecurity Consulting, Ernst & Young Advisory Services Limited
Thomas Zhou

Partner, Financial Services, Cybersecurity Consulting, Ernst & Young Advisory Services Limited

2 minute read 18 Feb 2025

Learn about the new cybersecurity standards in the revised GL20 by the Hong Kong Insurance Authority (IA). Download our PoV for key points to note.

In December 2024, the IA announced the release of its revised GL20, effective 1 January 2025. It sets the standard for cybersecurity in which the authorized insurer should have in place and the general guiding principles in assessing the effectiveness of authorized insurer’s cybersecurity framework.

Compared to the first version of GL20, effective from 1 January 2020, a Cyber Resilience Assessment Framework (CRAF) has been introduced in the revised GL20. CRAF provides a structured assessment framework to help authorized insurers assess inherent cybersecurity risks and the maturity level of their cybersecurity.

In this briefing paper, we explain the major revisions, the key points to note and critical actions to take for GL20. Download the paper now.

Download the Revision of Hong Kong Insurance Authority Guideline on Cybersecurity (GL20)

PDF (436 KB)

Summary

The revised GL20 establishes new cybersecurity standards and principles for authorized insurers. This guideline introduces the CRAF, which helps insurers evaluate inherent cybersecurity risks and maturity levels. Our briefing paper details the significant changes, essential points and necessary actions for compliance with GL20.

Cybersecurity

Learn more about how organizations are accelerating transformation and strengthening cybersecurity at the same time.
Read more

Unleashing the power of GenAI through managing cyber risks

Learn how to unlock the potential and power of GenAI while safeguarding against cyber threats and ensuring business continuity.

27 Nov 2024 Jeremy Pizzala + 2

How can cybersecurity transform to accelerate value from AI?

With AI adoption across business functions booming, CISOs can reposition cybersecurity from the “department of no” to accelerators of AI value. Learn more.

01 May 2024 Richard Watson + 1

About this article

Authors

Jeremy Pizzala

EY Asia-Pacific Cybersecurity Consulting Leader
Dr. Alan Lee

Partner, Financial Services, Cybersecurity Consulting, Ernst & Young Advisory Services Limited
Thomas Zhou

Partner, Financial Services, Cybersecurity Consulting, Ernst & Young Advisory Services Limited

EY refers to the global organization, and may refer to one or more, of the member firms of Ernst & Young Global Limited, each of which is a separate legal entity. Ernst & Young Global Limited, a UK company limited by guarantee, does not provide services to clients.

Insights

Trending topics

Spotlight

Services

Spotlight

Industries

Case studies

Careers

Spotlight

About us

Spotlight

Revision of Hong Kong Insurance Authority Guideline on Cybersecurity (GL20)