US Cyber Security Insurance Developments

Uploaded on 2015-05-26 in NEWS-News Analysis, FREE TO VIEW, BUSINESS-Services-Financial

naic_logo.jpg

US insurance regulators have increased their scrutiny of cyber security measures of insurance companies in the light of significant cyber attacks against businesses, including insurance companies.

On 16 April 2015, the NAIC Cybersecurity Task Force adopted twelve “guiding principles” for effective cyber security by insurance companies. This adoption followed the inaugural meeting of the NAIC Cybersecurity Task Force at the NAIC Spring 2015 National Meeting on 29 March 2015. The guiding principles are brief and relatively broad. For example, Principle 2 provides that “Confidential and/or personally identifiable consumer information data that is collected, stored and transferred inside or outside of an insurer’s, insurance producer’s or other regulated entity’s network should be appropriately safeguarded”; similarly, Principle 4 provides that “Cyber security regulatory guidance for insurers and insurance producers must be flexible, scalable, practical and consistent with nationally recognized efforts such as those embodied in the National Institute of Standards and Technology (NIST) framework.”

In addition to the guiding principles, the NAIC Cybersecurity Task Force’s work plan includes development of a “Consumer Bill of Rights” that will set forth consumers’ rights following a data breach at an insurance company; work on NAIC model laws regarding health information privacy, consumer financial and health information, safeguarding of consumer information, and insurance fraud prevention; and survey of states on cyber security measures. 

Beyond the NAIC’s work in this area, various US state insurance regulators have independently been focusing on cyber security issues. In particular, the New York Department of Financial Services (NYDFS) has raised heightened concerns regarding cyber security at entities that it regulates. Following upon its February 2015 Report on Cyber Security in the Insurance Sector, NYDFS issued an information request on 26 March 2015 to the largest insurers in New York requesting a confidential report on their cyber security measures by 27 April 2015. The request is quite detailed in the types of information regarding the insurers’ informational technology/cyber security framework that it demands. It covers issues ranging from the qualification requirements for an insurer’s chief technology officer and information risk management policies (including with respect to third-party vendors) to specific points such as multi-factor authentication and adherence to the NIST framework.
The answers to the request will be used by NYDFS to undertake a “comprehensive risk assessment of each institution” under its supervision. This request follows on the announcement NYDFS made when it released its February report on cyber security that it will “integrate regular, targeted assessments of cyber security preparedness at insurance companies as part of [its] examination process” going forward.

The current pronounced and increasing regulatory focus on cyber security in the insurance industry means that insurance companies, insurance producers and any service providers or vendors for the insurance industry should review their cyber security processes and procedures and prepare for increasing scrutiny and regulation in this area.
Clyde & Co LLP : http://bit.ly/1dutNw7

« Silicon Valley a Major Player in Cyberwarfare
Redefining Your Data Protection Strategy »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

DataCore Software

DataCore Software

DataCore Software is a leader in Software-Defined Storage. Solutions offered include back up and disaster recovery.

Ixia

Ixia

Ixia provides testing, visibility, and security solutions to strengthen applications across physical and virtual networks.

Applicure Technologies

Applicure Technologies

Applicure Technologies develops the leading multi-platform web application security software products to protect web sites and web applications from external and internal attacks.

CodeSealer

CodeSealer

CodeSealer provide invisible end-to-end user interface protection with a unique web security solution to eliminate Man-in-the-Middle and Man-in-the-Browser vulnerabilties.

Information & eGovernment Authority (iGA) - Bahrain

Information & eGovernment Authority (iGA) - Bahrain

The Information & eGovernment Authority facilitates many services catering to different parts of the community within the IT sector in Bahrain including information security.

Fyde

Fyde

Fyde helps companies with an increasingly distributed workforce mitigate breach risk by enabling secure access to critical enterprise resources.

ValidSoft

ValidSoft

ValidSoft is a security software company, providing telecommunications-based multi-factor authentication, identity and transaction verification technology.

BAI Security

BAI Security

BAI Security is a Nationally Recognized Leader in IT Security. Keeping your data safe and your business compliant is our singular focus.

ConnectWise

ConnectWise

The Unified ConnectWise Platform offers intelligent software and expert services to easily run your business, deliver your services, secure your clients, and build your staff.

South West Cyber Resilience Centre (SWCRC)

South West Cyber Resilience Centre (SWCRC)

The South West Cyber Resilience Centre (SWCRC) is led by serving police officers, as part of a not-for-profit partnership with business and academia.

Sikich

Sikich

Sikich LLP is a leading professional services firm specializing in accounting, advisory, technology and managed services.

Obrela Security Industries

Obrela Security Industries

Obrela Security manage cyber exposure, risks and compliance. We identify, predict and prevent cyber threats in real time. As a service, personalised, on demand.

Ping Identity

Ping Identity

At Ping Identity, we believe in making digital experiences both secure and seamless for all users, without compromise. That’s digital freedom.

Indian Cyber Security Solutions (ICSS)

Indian Cyber Security Solutions (ICSS)

Indian Cyber Security Solutions is an Enterprise Cyber Security Platforms company offering Cyber Security & Technical Education and Compliance & Penetration Testing Services.

ID R&D

ID R&D

ID R&D is an award-winning provider of AI-based facial liveness, document liveness, and voice biometrics.

Rhodian Group

Rhodian Group

Rhodian Group (formerly Adar) specialize in providing Technology, Cybersecurity, and Compliance services to the insurance industry.