Cybersecurity Policies for the Insurance Industry

Shortly after the discovery of a cybersecurity breach at the health insurance company Anthem, Inc., the National Association of Insurance Commissioners (NAIC) called for a multi-state examination of Anthem’s cybersecurity practices to determine what protections were in place and what actions could have been taken to minimize data losses. The examination is currently underway and is led by insurance regulators from California, Indiana, Maine, Missouri, New Hampshire, North Dakota and South Carolina. It should be noted that while this appears to be the first large-scale multi-state examination of an insurer’s cybersecurity practices, some insurance departments, such as Connecticut, have already been conducting reviews of insurers’ cybersecurity policies and procedures as part of their regular examinations.
Subsequently, NAIC released for comment two draft documents on cybersecurity. The first draft document, developed by NAIC’s recently created Cybersecurity Task Force, is entitled “Principles for Effective Cybersecurity Insurance Regulatory Guidance” (the Principles).  The Principles were designed to help state insurance departments identify cybersecurity risk and establish uniform standards to protect against it. The Principles also identify ways in which state regulators and NAIC can work with the insurance industry to flag these risks and work together on meaningful solutions.
The second draft document, developed by NAIC’s Property and Casualty Insurance Committee, is NAIC’s “Annual Statement Supplement for Cybersecurity Policies” (the Supplement).  The Supplement reviews recent cybersecurity exposures.
In addition to NAIC’s multi-state examination of Anthem, and its release of the draft Principles and Supplement, the New York State Department of Financial Services (NYDFS) is also looking into insurers’ cybersecurity practices.  NYDFS recently released the results of its cybersecurity survey of insurance companies. The survey inquired about insurers’ current and future cybersecurity programs, including their use of third-party vendors.  Forty-three insurance companies responded to the survey and provided insight into existing and planned cybersecurity programs, as well as the nature of measures taken by them to safeguard sensitive data and/or to protect against loss due to security incidents.
NYDFS is the principal regulator for insurance companies operating in the State of New York, as well as certain financial entities and other financial institutions. NAIC is the US standard-setting and regulatory support organization created and governed by the chief insurance regulators from the 50 states, the District of Columbia and five US territories.
JD Supra: http://bit.ly/1EVuxGr
