{"id":5255,"date":"2025-09-27T23:18:33","date_gmt":"2025-09-27T15:18:33","guid":{"rendered":"https:\/\/darkcodesec.com\/?p=5255"},"modified":"2026-01-18T03:09:01","modified_gmt":"2026-01-17T19:09:01","slug":"ia-gl20-compliance-guide-hong-kong-insurers","status":"publish","type":"post","link":"https:\/\/darkcodesec.com\/zh\/ia-gl20-compliance-guide-hong-kong-insurers\/","title":{"rendered":"IA GL20 Compliance Guide: Navigating Cybersecurity for Hong Kong Insurers"},"content":{"rendered":"<h2>TL;DR: What Boards and Senior Executives Need to Know<\/h2>\n<ul>\n  <li>IA GL20 requires insurers to demonstrate <strong>cyber resilience<\/strong>, not just technical controls.<\/li>\n  <li>Compliance is assessed through the Cyber Resilience Assessment Framework (CRAF): IRA, MA, and TIBAS.<\/li>\n  <li>Most regulatory issues arise from governance gaps, weak risk articulation, and fragmented execution.<\/li>\n  <li>With clear ownership and leadership oversight, GL20 can materially reduce regulatory, operational, and reputational risk.<\/li>\n<\/ul>\n\n<p><strong>Relevant for:<\/strong> Board members, Risk Committees, CROs, CISOs, Heads of IT, and Compliance leaders accountable for IA engagement.<\/p>\n\n\n\n<div style=\"background:#eef3f8;border-left:4px solid #1e73be;padding:16px;margin:24px 0;\">\n<strong>Board perspective:<\/strong><br \/>\nGL20 reflects the Insurance Authority\u2019s expectation that cyber risk is governed as an enterprise risk, comparable to financial or operational risk. 
Boards are expected to understand, challenge, and sponsor remediation outcomes\u2014not merely approve submissions.\n<\/div>\n\n\n\n<figure class=\"wp-block-image size-full\"><img fetchpriority=\"high\" decoding=\"async\" width=\"1536\" height=\"1024\" src=\"https:\/\/darkcodesec.com\/wp-content\/uploads\/2025\/09\/CRAF-Framework-Overview.png\" alt=\"Cyber Resilience Assessment Framework (CRAF) overview for IA GL20\" class=\"wp-image-5298\" srcset=\"https:\/\/darkcodesec.com\/wp-content\/uploads\/2025\/09\/CRAF-Framework-Overview.png 1536w, https:\/\/darkcodesec.com\/wp-content\/uploads\/2025\/09\/CRAF-Framework-Overview-300x200.png 300w\" sizes=\"(max-width: 1536px) 100vw, 1536px\" \/><\/figure>\n\n\n\n<h2>Understanding IA GL20 and CRAF<\/h2>\n<p>\nThe Insurance Authority\u2019s Guideline on Cybersecurity (GL20), revised in December 2024 and effective from January 1, 2025, formalises how insurers must assess and demonstrate cyber resilience. The focus is on protecting policyholder data (including PDPO-regulated personal data) and ensuring operational continuity during cyber incidents.\n<\/p>\n\n<p>\nCRAF structures this expectation into three interdependent assessments. While many insurers already operate ISO 27001 or NIST-aligned programmes, GL20 raises expectations around evidence, integration, and outcomes.\n<\/p>\n\n<h3>1. Inherent Risk Assessment (IRA)<\/h3>\n<p>\nIRA establishes the insurer\u2019s baseline cyber risk profile using 40+ indicators covering technology complexity, digital channels, outsourcing, and threat exposure. This risk rating directly drives assessment depth, supervisory expectations, and TIBAS applicability.\n<\/p>\n\n<h3>2. Maturity Assessment (MA)<\/h3>\n<p>\nMA evaluates whether governance, controls, and response capabilities are proportionate to the inherent risk. A remediation roadmap\u2014with owners, priorities, and timelines\u2014is a regulatory expectation, not an optional deliverable.\n<\/p>\n\n<h3>3. 
Threat Intelligence-Based Attack Simulation (TIBAS)<\/h3>\n<p>\nTIBAS is mandatory for medium- and high-risk insurers. It is an intelligence-led red team exercise conducted in production environments to test whether people, processes, and technology can withstand realistic attack scenarios targeting critical business functions.\n<\/p>\n\n\n\n<h2>Why GL20 Compliance Breaks Down<\/h2>\n<p>\nBased on market observations and regional project experience, GL20 issues rarely stem from lack of security tooling. They more often arise from governance and integration weaknesses.\n<\/p>\n\n<h3>Inadequate TIBAS Scope<\/h3>\n<p>\nTIBAS exercises that are limited in scenario breadth or disconnected from business risk fail to demonstrate resilience. Approximately 45% of insurers struggle to evidence meaningful scenario diversity.\n<\/p>\n\n<h3>Weak Maturity Gap Articulation<\/h3>\n<p>\nWhere MA identifies gaps but lacks a credible remediation roadmap, regulators view this as ineffective risk management. Around 30% of submissions fall short in this area.\n<\/p>\n\n<h3>Underestimated Inherent Risk<\/h3>\n<p>\nDigital channels, mobile platforms, and outsourced services are frequently underweighted in IRA, leading to misaligned risk ratings and downstream assessment issues.\n<\/p>\n\n<h3>Third-Party Blind Spots<\/h3>\n<p>\nThird-party systems remain a dominant source of incidents. An estimated 35% of material breaches involve vendor environments that were insufficiently assessed or governed.\n<\/p>\n\n<h3>Limited Executive Engagement<\/h3>\n<p>\nWhen senior management involvement is superficial, remediation stalls and IA follow-ups increase. 
Regulators increasingly expect evidence of informed challenge and oversight.\n<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img decoding=\"async\" width=\"1536\" height=\"1024\" src=\"https:\/\/darkcodesec.com\/wp-content\/uploads\/2025\/09\/Risk-Gaps-in-GL20-Compliance.png\" alt=\"GL20 compliance gaps and governance risks\" class=\"wp-image-5300\" srcset=\"https:\/\/darkcodesec.com\/wp-content\/uploads\/2025\/09\/Risk-Gaps-in-GL20-Compliance.png 1536w, https:\/\/darkcodesec.com\/wp-content\/uploads\/2025\/09\/Risk-Gaps-in-GL20-Compliance-300x200.png 300w, https:\/\/darkcodesec.com\/wp-content\/uploads\/2025\/09\/Risk-Gaps-in-GL20-Compliance-1024x683.png 1024w, https:\/\/darkcodesec.com\/wp-content\/uploads\/2025\/09\/Risk-Gaps-in-GL20-Compliance-768x512.png 768w, https:\/\/darkcodesec.com\/wp-content\/uploads\/2025\/09\/Risk-Gaps-in-GL20-Compliance-18x12.png 18w\" sizes=\"(max-width: 1536px) 100vw, 1536px\" \/><\/figure>\n\n\n\n<h2>A Board-Usable GL20 Execution Roadmap<\/h2>\n\n<p><strong>Board \/ Risk Committee<\/strong>: Set risk appetite, sponsor remediation funding, challenge assumptions.<\/p>\n<p><strong>Management (CISO \/ IT \/ Compliance)<\/strong>: Execute assessments, integrate findings, maintain evidence.<\/p>\n\n<h3>1. Establish a Defensible IRA<\/h3>\n<p>\nEnsure all 40+ indicators are addressed and documented. Medium- and high-risk insurers should consider IA-experienced external assessors to benchmark against peer practices and reduce regulatory rework.\n<\/p>\n\n<h3>2. Strengthen MA and Remediation Governance<\/h3>\n<p>\nTranslate control gaps into funded, time-bound remediation actions integrated with enterprise risk and audit plans.\n<\/p>\n\n<h3>3. Execute Risk-Aligned TIBAS<\/h3>\n<p>\nDesign 3\u20135 scenarios that directly map to IRA and MA findings, demonstrating a coherent, risk-based testing strategy.\n<\/p>\n\n<h3>4. 
Enforce Third-Party Accountability<\/h3>\n<p>\nAlign vendor contracts, oversight, and escalation processes with CRAF expectations, particularly for critical service providers.\n<\/p>\n\n<h3>5. Maintain Ongoing Executive Oversight<\/h3>\n<p>\nConduct periodic Board or senior management reviews to track remediation progress and emerging cyber risk trends.\n<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" width=\"1024\" height=\"683\" src=\"https:\/\/darkcodesec.com\/wp-content\/uploads\/2025\/09\/Roadmap-to-IA-GL20-Compliance-1024x683.png\" alt=\"GL20 compliance execution roadmap\" class=\"wp-image-5305\" srcset=\"https:\/\/darkcodesec.com\/wp-content\/uploads\/2025\/09\/Roadmap-to-IA-GL20-Compliance-1024x683.png 1024w, https:\/\/darkcodesec.com\/wp-content\/uploads\/2025\/09\/Roadmap-to-IA-GL20-Compliance-300x200.png 300w, https:\/\/darkcodesec.com\/wp-content\/uploads\/2025\/09\/Roadmap-to-IA-GL20-Compliance-768x512.png 768w, https:\/\/darkcodesec.com\/wp-content\/uploads\/2025\/09\/Roadmap-to-IA-GL20-Compliance-18x12.png 18w, https:\/\/darkcodesec.com\/wp-content\/uploads\/2025\/09\/Roadmap-to-IA-GL20-Compliance-530x353.png 530w, https:\/\/darkcodesec.com\/wp-content\/uploads\/2025\/09\/Roadmap-to-IA-GL20-Compliance.png 1536w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<h2>Case Study: Leadership as the Turning Point<\/h2>\n<p>\nA 2025 breach affecting over 50,000 policyholders exposed weaknesses in mobile application risk assessment and a narrowly scoped TIBAS exercise.\n<\/p>\n<p>\nThe decisive factor in recovery was active Board and senior management sponsorship of the remediation roadmap, enabling faster decisions, funding approval, and cross-functional alignment. 
The insurer reduced critical vulnerabilities by 80% within six months and subsequently passed IA review.\n<\/p>\n\n\n\n<h2>How DarkCode Security Supports GL20<\/h2>\n<p>\nDarkCode Security helps insurers translate GL20 from regulatory text into defensible, IA-ready outcomes. Our support spans IRA and MA facilitation, intelligence-led TIBAS execution, and regulator-ready documentation aligned to IA templates.\n<\/p>\n\n<p>\n<strong>If your IRA, MA, or TIBAS submission is approaching,<\/strong> we can help you reduce uncertainty, close gaps efficiently, and present a coherent risk narrative to the IA.\n<\/p>\n\n<p>\n<a href=\"mailto:info@darkcodesec.com\">Contact us<\/a> or visit <a href=\"https:\/\/darkcodesec.com\/zh\/services\/\">darkcodesec.com\/services<\/a>.\n<\/p>","protected":false},"excerpt":{"rendered":"<p>TL;DR: What Boards and Senior Executives Need to Know IA GL20 requires insurers to demonstrate cyber resilience, not just technical controls. Compliance is assessed through the Cyber Resilience Assessment Framework (CRAF): IRA, MA, and TIBAS. Most regulatory issues arise from governance gaps, weak risk articulation, and fragmented execution. 
With clear ownership and leadership oversight, GL20 <\/p>","protected":false},"author":3,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[67,73],"tags":[71,70,72],"class_list":["post-5255","post","type-post","status-publish","format-standard","hentry","category-compliance","category-latest","tag-compliance","tag-gl20","tag-insurance"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.2 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>IA GL20 Compliance Guide: Navigating Cybersecurity for Hong Kong Insurers - DarkCode<\/title>\n<meta name=\"description\" content=\"Complete guide to IA GL20 compliance for Hong Kong insurers: understand CRAF (IRA, MA, TIBAS), avoid common pitfalls, meet deadlines. Practical steps from DarkCode.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/darkcodesec.com\/zh\/ia-gl20-compliance-guide-hong-kong-insurers\/\" \/>\n<meta property=\"og:locale\" content=\"zh_HK\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"IA GL20 Compliance Guide: Navigating Cybersecurity for Hong Kong Insurers - DarkCode\" \/>\n<meta property=\"og:description\" content=\"Complete guide to IA GL20 compliance for Hong Kong insurers: understand CRAF (IRA, MA, TIBAS), avoid common pitfalls, meet deadlines. 
Practical steps from DarkCode.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/darkcodesec.com\/zh\/ia-gl20-compliance-guide-hong-kong-insurers\/\" \/>\n<meta property=\"og:site_name\" content=\"DarkCode\" \/>\n<meta property=\"article:published_time\" content=\"2025-09-27T15:18:33+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2026-01-17T19:09:01+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/darkcodesec.com\/wp-content\/uploads\/2025\/09\/CRAF-Framework-Overview.png\" \/>\n\t<meta property=\"og:image:width\" content=\"640\" \/>\n\t<meta property=\"og:image:height\" content=\"427\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Gary Yip\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"\u4f5c\u8005\" \/>\n\t<meta name=\"twitter:data1\" content=\"Gary Yip\" \/>\n\t<meta name=\"twitter:label2\" content=\"\u9810\u8a08\u95b1\u8b80\u6642\u9593\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 \u5206\u9418\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/darkcodesec.com\/ia-gl20-compliance-guide-hong-kong-insurers\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/darkcodesec.com\/ia-gl20-compliance-guide-hong-kong-insurers\/\"},\"author\":{\"name\":\"Gary Yip\",\"@id\":\"https:\/\/darkcodesec.com\/#\/schema\/person\/df5ad1498356232b15d714a17d400d6e\"},\"headline\":\"IA GL20 Compliance Guide: Navigating Cybersecurity for Hong Kong 
Insurers\",\"datePublished\":\"2025-09-27T15:18:33+00:00\",\"dateModified\":\"2026-01-17T19:09:01+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/darkcodesec.com\/ia-gl20-compliance-guide-hong-kong-insurers\/\"},\"wordCount\":737,\"image\":{\"@id\":\"https:\/\/darkcodesec.com\/ia-gl20-compliance-guide-hong-kong-insurers\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/darkcodesec.com\/wp-content\/uploads\/2025\/09\/CRAF-Framework-Overview.png\",\"keywords\":[\"Compliance\",\"GL20\",\"Insurance\"],\"articleSection\":[\"Compliance\",\"Latest\"],\"inLanguage\":\"zh-HK\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/darkcodesec.com\/ia-gl20-compliance-guide-hong-kong-insurers\/\",\"url\":\"https:\/\/darkcodesec.com\/ia-gl20-compliance-guide-hong-kong-insurers\/\",\"name\":\"IA GL20 Compliance Guide: Navigating Cybersecurity for Hong Kong Insurers - DarkCode\",\"isPartOf\":{\"@id\":\"https:\/\/darkcodesec.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/darkcodesec.com\/ia-gl20-compliance-guide-hong-kong-insurers\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/darkcodesec.com\/ia-gl20-compliance-guide-hong-kong-insurers\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/darkcodesec.com\/wp-content\/uploads\/2025\/09\/CRAF-Framework-Overview.png\",\"datePublished\":\"2025-09-27T15:18:33+00:00\",\"dateModified\":\"2026-01-17T19:09:01+00:00\",\"author\":{\"@id\":\"https:\/\/darkcodesec.com\/#\/schema\/person\/df5ad1498356232b15d714a17d400d6e\"},\"description\":\"Complete guide to IA GL20 compliance for Hong Kong insurers: understand CRAF (IRA, MA, TIBAS), avoid common pitfalls, meet deadlines. 
Practical steps from DarkCode.\",\"breadcrumb\":{\"@id\":\"https:\/\/darkcodesec.com\/ia-gl20-compliance-guide-hong-kong-insurers\/#breadcrumb\"},\"inLanguage\":\"zh-HK\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/darkcodesec.com\/ia-gl20-compliance-guide-hong-kong-insurers\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"zh-HK\",\"@id\":\"https:\/\/darkcodesec.com\/ia-gl20-compliance-guide-hong-kong-insurers\/#primaryimage\",\"url\":\"https:\/\/darkcodesec.com\/wp-content\/uploads\/2025\/09\/CRAF-Framework-Overview.png\",\"contentUrl\":\"https:\/\/darkcodesec.com\/wp-content\/uploads\/2025\/09\/CRAF-Framework-Overview.png\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/darkcodesec.com\/ia-gl20-compliance-guide-hong-kong-insurers\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/darkcodesec.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"IA GL20 Compliance Guide: Navigating Cybersecurity for Hong Kong Insurers\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/darkcodesec.com\/#website\",\"url\":\"https:\/\/darkcodesec.com\/\",\"name\":\"DarkCode\",\"description\":\"\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/darkcodesec.com\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"zh-HK\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/darkcodesec.com\/#\/schema\/person\/df5ad1498356232b15d714a17d400d6e\",\"name\":\"Gary 
Yip\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"zh-HK\",\"@id\":\"https:\/\/secure.gravatar.com\/avatar\/34739eadd95ebeef9b66e0a5e067c14341df78d5891b7394eb259125794873e6?s=96&d=mm&r=g\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/34739eadd95ebeef9b66e0a5e067c14341df78d5891b7394eb259125794873e6?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/34739eadd95ebeef9b66e0a5e067c14341df78d5891b7394eb259125794873e6?s=96&d=mm&r=g\",\"caption\":\"Gary Yip\"},\"url\":\"https:\/\/darkcodesec.com\/zh\/author\/gary-yip\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","_links":{"self":[{"href":"https:\/\/darkcodesec.com\/zh\/wp-json\/wp\/v2\/posts\/5255","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/darkcodesec.com\/zh\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/darkcodesec.com\/zh\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/darkcodesec.com\/zh\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/darkcodesec.com\/zh\/wp-json\/wp\/v2\/comments?post=5255"}],"version-history":[{"count":11,"href":"https:\/\/darkcodesec.com\/zh\/wp-json\/wp\/v2\/posts\/5255\/revisions"}],"predecessor-version":[{"id":5320,"href":"https:\/\/darkcodesec.com\/zh\/wp-json\/wp\/v2\/posts\/5255\/revisions\/5320"}],"wp:attachment":[{"href":"https:\/\/darkcodesec.com\/zh\/wp-json\/wp\/v2\/media?parent=5255"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/darkcodesec.com\/zh\/wp-json\/wp\/v2\/categories?post=5255"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/darkcodesec.com\/zh\/wp-json\/wp\/v2\/tags?post=5255"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}