Cybersecurity Policies for the Insurance Industry


Shortly after the discovery of a cybersecurity breach at the health insurance company Anthem, Inc., the National Association of Insurance Commissioners (NAIC) called for a multi-state examination of Anthem’s cybersecurity practices to determine what protections were in place and what actions could have been taken to minimize data losses. The examination is currently underway and is led by insurance regulators from California, Indiana, Maine, Missouri, New Hampshire, North Dakota and South Carolina. While this appears to be the first large-scale multi-state examination of an insurer’s cybersecurity practices, some insurance departments, such as Connecticut, have already been conducting reviews of an insurer’s cybersecurity policies and procedures as part of their regular examinations.
Subsequently, NAIC released for comment two draft documents on cybersecurity. The first draft document, developed by NAIC’s recently created Cybersecurity Task Force, is entitled “Principles for Effective Cybersecurity Insurance Regulatory Guidance” (the Principles).  The Principles were designed to help state insurance departments identify cybersecurity risk and establish uniform standards to protect against it. The Principles also identify ways in which state regulators and NAIC can work with the insurance industry to flag these risks and work together on meaningful solutions.
The second draft document, developed by NAIC’s Property and Casualty Insurance Committee, is NAIC’s “Annual Statement Supplement for Cybersecurity Policies” (the Supplement).  The Supplement reviews recent cybersecurity exposures.
In addition to NAIC’s multi-state examination of Anthem, and its release of the draft Principles and Supplement, the New York State Department of Financial Services (NYDFS) is also looking into insurers’ cybersecurity practices.  NYDFS recently released the results of its cybersecurity survey of insurance companies. The survey inquired about insurers’ current and future cybersecurity programs, including their use of third-party vendors.  Forty-three insurance companies responded to the survey and provided insight into existing and planned cybersecurity programs, as well as the nature of measures taken by them to safeguard sensitive data and/or to protect against loss due to security incidents.
NYDFS is the principal regulator for insurance companies operating in the State of New York, as well as certain financial entities and other financial institutions. NAIC is the US standard-setting and regulatory support organization created and governed by the chief insurance regulators from the 50 states, the District of Columbia and five US territories.
JD Supra: http://bit.ly/1EVuxGr
