The number of cyber attacks are on the increase and so is its level of sophistication. Because insurance companies are data-driven businesses holding vast amounts of customer data (personal information, health and financial data), cyber attacks are a real threat and should be prioritised as one of the key operational risks. Most of the attacks against insurance companies have taken place in the US but insurers in Asia cannot afford to be complacent. In 1997, a multinational insurer in Singapore had the personal data of over 5,000 of its customers stolen by a cyber attack. The cyber attack on the Marriott hotel group, which was revealed in November 2018 and which compromised about 500 million guests, is a stark reminder of how devastating an attack can be. There is thus a pressing need for insurers to establish robust cybersecurity frameworks to protect their business data and the personal data of customers. The issues facing insurers on their path to ensuring cyber resilience are challenging as some insurers are still using legacy technology but are building newer applications on top. The increase in the volume of data collected across various business applications adds to the complexity. Yet it must not be forgotten that breaches can happen as simply as a hacker stealing the identity of a claims processor.