Cybersecurity is a growing concern for the public and a top priority for Sun Life. Organizations around the world are facing increasing attacks on their computer systems by sophisticated hacking groups.
Our Senior Vice-President and Chief Information Security Officer (CISO) is accountable for providing global oversight of the implementation of Sun Life’s information security program and the Security Risk Policy. The CISO leads a global team of over 200 highly qualified individuals. Their global mandate includes the development, execution and operational management of Sun Life’s security strategy, risk assessments, security controls, monitoring, incident response and compliance. The CISO is also the chair of the global crisis management team and is responsible for reporting on technology risk.
We continue to evolve our cyber defences to be effective against emerging threats. For example:
- Defence best practices: We align our security program to leading frameworks such as the Cybersecurity Framework of the National Institute of Standards and Technology. This framework outlines best practices to help organizations manage and lower their cybersecurity risks.
- Multiple control layers: We follow the three-lines-of-defence model to manage security risks (refer to Risk Management). We incorporate a “defence-in-depth” strategy and use multiple control layers to protect all data. These controls range from web firewalls, anti-malware software and encryption to intrusion monitoring and email threat protection.
- Security audits and testing: We regularly perform security audits, scanning and testing of Sun Life’s systems and practices involving Client data. Our security team assesses how effective our controls are and drives active improvements. We use security solutions that incorporate artificial intelligence and machine learning. These technologies help our security analysts assess threats and respond to cyberattacks. Every quarter, we report on cyber risk and cybersecurity to the Risk Committee of the Board of Directors.
- Cyber intelligence: We use cyber intelligence services to help us identify, assess and update our defences against the latest cyber threats.