US Cyber Security Insurance Developments


US insurance regulators have increased their scrutiny of cyber security measures of insurance companies in the light of significant cyber attacks against businesses, including insurance companies.

On 16 April 2015, the NAIC Cybersecurity Task Force adopted twelve “guiding principles” for effective cyber security by insurance companies. This adoption followed the inaugural meeting of the NAIC Cybersecurity Task Force at the NAIC Spring 2015 National Meeting on 29 March 2015. The guiding principles are brief and relatively broad. For example, Principle 2 provides that “Confidential and/or personally identifiable consumer information data that is collected, stored and transferred inside or outside of an insurer’s, insurance producer’s or other regulated entity’s network should be appropriately safeguarded”; similarly, Principle 4 provides that “Cyber security regulatory guidance for insurers and insurance producers must be flexible, scalable, practical and consistent with nationally recognized efforts such as those embodied in the National Institute of Standards and Technology (NIST) framework.”

In addition to the guiding principles, the NAIC Cybersecurity Task Force’s work plan includes development of a “Consumer Bill of Rights” that will set forth consumers’ rights following a data breach at an insurance company; work on NAIC model laws regarding health information privacy, consumer financial and health information, safeguarding of consumer information, and insurance fraud prevention; and a survey of states on cyber security measures.

Beyond the NAIC’s work in this area, various US state insurance regulators have independently been focusing on cyber security issues. In particular, the New York Department of Financial Services (NYDFS) has expressed heightened concern regarding cyber security at entities that it regulates. Following its February 2015 Report on Cyber Security in the Insurance Sector, NYDFS issued an information request on 26 March 2015 to the largest insurers in New York requesting a confidential report on their cyber security measures by 27 April 2015. The request is quite detailed in the types of information it demands regarding the insurers’ information technology/cyber security framework. It covers issues ranging from the qualification requirements for an insurer’s chief technology officer and information risk management policies (including with respect to third-party vendors) to specific points such as multi-factor authentication and adherence to the NIST framework.
The answers to the request will be used by NYDFS to undertake a “comprehensive risk assessment of each institution” under its supervision. This request follows on the announcement NYDFS made when it released its February report on cyber security that it will “integrate regular, targeted assessments of cyber security preparedness at insurance companies as part of [its] examination process” going forward.

The current pronounced and increasing regulatory focus on cyber security in the insurance industry means that insurance companies, insurance producers and any service providers or vendors for the insurance industry should review their cyber security processes and procedures and prepare for increasing scrutiny and regulation in this area.
Clyde & Co LLP : http://bit.ly/1dutNw7
