Cybersecurity Policies for the Insurance Industry

Uploaded on 2015-05-07 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-Financial

Sutherland-CybersecurityandPrivacyInsight-blog-Banner-1292015.jpg

Shortly after the discovery of a cybersecurity breach at the health insurance company Anthem, Inc., the National Association of Insurance Commissioners (NAIC) called for a multi-state examination of Anthem’s cybersecurity practices to determine what protections were in place and what actions could have been taken to minimize data losses.  The examination is currently underway and led by insurance regulators from California, Indiana, Maine, Missouri, New Hampshire, North Dakota and South Carolina.  It should be noted that while this appears to be the first large scale multi-state examination of an insurer’s cybersecurity practices, some insurance departments, such as Connecticut, have already been conducting review of an insurer’s cybersecurity policies and procedures as part of its regular examinations.
Subsequently, NAIC released for comment two draft documents on cybersecurity. The first draft document, developed by NAIC’s recently created Cybersecurity Task Force, is entitled “Principles for Effective Cybersecurity Insurance Regulatory Guidance” (the Principles).  The Principles were designed to help state insurance departments identify cybersecurity risk and establish uniform standards to protect against it. The Principles also identify ways in which state regulators and NAIC can work with the insurance industry to flag these risks and work together on meaningful solutions.
The second draft document, developed by NAIC’s Property and Casualty Insurance Committee, is NAIC’s “Annual Statement Supplement for Cybersecurity Policies” (the Supplement).  The Supplement reviews recent cybersecurity exposures.
In addition to NAIC’s multi-state examination of Anthem, and its release of the draft Principles and Supplement, the New York State Department of Financial Services (NYDFS) is also looking into insurers’ cybersecurity practices.  NYDFS recently released the results of its cybersecurity survey of insurance companies. The survey inquired about insurers’ current and future cybersecurity programs, including their use of third-party vendors.  Forty-three insurance companies responded to the survey and provided insight into existing and planned cybersecurity programs, as well as the nature of measures taken by them to safeguard sensitive data and/or to protect against loss due to security incidents.
NYDFS is the principal regulator for insurance companies operating in the State of New York, as well as certain financial entities and other financial institutions. NAIC is the US standard-setting and regulatory support organization created and governed by the chief insurance regulators from the 50 states, the District of Columbia and five US territories.
JD Supra: http://bit.ly/1EVuxGr

« US Defense Secretary Defines New Cybersecurity Strategy
Russian Hackers Have Been Reading Obama’s Emails »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Morgan Lewis Law

Morgan Lewis Law

Morgan Lewis is an international law firm with offices in North America, Europe, Asia, and the Middle East. Practice areas include Privacy and Cybersecurity.

AA Certification (AAC)

AA Certification (AAC)

AAC provide ISO Quality Management System certification services including ISO 27001.

GrammaTech

GrammaTech

GrammaTech is a leading developer of software-assurance tools and advanced cyber-security solutions.

Kent Interdisciplinary Research Centre in Cyber Security (KirCCS) - University of Kent

Kent Interdisciplinary Research Centre in Cyber Security (KirCCS) - University of Kent

KirCCS harnesses expertise across Kent University to address current and potential cyber security challenges.

Securi-Tay

Securi-Tay

Securi-Tay is an information Security conference held by the Ethical Hacking Society at Abertay University, Dundee.

Global Learning Systems (GLS)

Global Learning Systems (GLS)

Global Learning Systems provides security awareness and compliance training programs for employees that effectively promote behavior change and protect your organization.

Haystax Technology

Haystax Technology

Haystax’s security analytics platform applies artificial intelligence techniques to identify and prioritize threats in real time.

Ipsidy

Ipsidy

Our identity platform enables mobile users to more easily authenticate their identity to a mobile phone or portable device of their choosing.

OneWelcome

OneWelcome

Onegini and iWelcome have merged to become OneWelcome, the largest European Identity Access Management Saas Vendor.

VietSunshine

VietSunshine

VietSunshine is a leading provider of network security infrastructure and solutions in Vietnam.

Cyfirma

Cyfirma

CYFIRMA offers Cyber threat visibility and intelligence suite and services aimed at keeping your organization’s cybersecurity posture up-to-date.

EvoNexus

EvoNexus

EvoNexus is a technology startup incubator with locations in San Diego, Orange County, and Silicon Valley.

Guardara

Guardara

Guardara's mission is to help our customers to continuously improve in every aspect of software development.

Cyber Griffin

Cyber Griffin

Founded by the City of London Police in 2017, Cyber Griffin is an initiative that supports businesses and individuals in the Square Mile to protect themselves from cyber crime.

Vali Cyber

Vali Cyber

Vali Cyber was founded in 2020 with the mission of addressing the specific cybersecurity needs of Linux.

Proaxiom

Proaxiom

Proaxiom are focused on erasing cyber driven panic paralysis for Small and Medium Enterprises through brilliant cyber technologies which drive productivity and support growth.

Jersey Cyber Security Centre (JCSC)

Jersey Cyber Security Centre (JCSC)

Jersey Cyber Security Centre is the jurisdiction's Cyber Emergency Response Team (CERT) and national technical authority for cyber security.