US Cyber Security Insurance Developments

Uploaded on 2015-05-26 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-Financial

naic_logo.jpg

US insurance regulators have increased their scrutiny of cyber security measures of insurance companies in the light of significant cyber attacks against businesses, including insurance companies.

On 16 April 2015, the NAIC Cybersecurity Task Force adopted twelve “guiding principles” for effective cyber security by insurance companies. This adoption followed the inaugural meeting of the NAIC Cybersecurity Task Force at the NAIC Spring 2015 National Meeting on 29 March 2015. The guiding principles are brief and relatively broad. For example, Principle 2 provides that “Confidential and/or personally identifiable consumer information data that is collected, stored and transferred inside or outside of an insurer’s, insurance producer’s or other regulated entity’s network should be appropriately safeguarded”; similarly, Principle 4 provides that “Cyber security regulatory guidance for insurers and insurance producers must be flexible, scalable, practical and consistent with nationally recognized efforts such as those embodied in the National Institute of Standards and Technology (NIST) framework.”

In addition to the guiding principles, the NAIC Cybersecurity Task Force’s work plan includes development of a “Consumer Bill of Rights” that will set forth consumers’ rights following a data breach at an insurance company; work on NAIC model laws regarding health information privacy, consumer financial and health information, safeguarding of consumer information, and insurance fraud prevention; and survey of states on cyber security measures. 

Beyond the NAIC’s work in this area, various US state insurance regulators have independently been focusing on cyber security issues. In particular, the New York Department of Financial Services (NYDFS) has raised heightened concerns regarding cyber security at entities that it regulates. Following upon its February 2015 Report on Cyber Security in the Insurance Sector, NYDFS issued an information request on 26 March 2015 to the largest insurers in New York requesting a confidential report on their cyber security measures by 27 April 2015. The request is quite detailed in the types of information regarding the insurers’ informational technology/cyber security framework that it demands. It covers issues ranging from the qualification requirements for an insurer’s chief technology officer and information risk management policies (including with respect to third-party vendors) to specific points such as multi-factor authentication and adherence to the NIST framework.
The answers to the request will be used by NYDFS to undertake a “comprehensive risk assessment of each institution” under its supervision. This request follows on the announcement NYDFS made when it released its February report on cyber security that it will “integrate regular, targeted assessments of cyber security preparedness at insurance companies as part of [its] examination process” going forward.

The current pronounced and increasing regulatory focus on cyber security in the insurance industry means that insurance companies, insurance producers and any service providers or vendors for the insurance industry should review their cyber security processes and procedures and prepare for increasing scrutiny and regulation in this area.
Clyde & Co LLP : http://bit.ly/1dutNw7

« Silicon Valley a Major Player in Cyberwarfare
Redefining Your Data Protection Strategy »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

AvePoint

AvePoint

AvePoint is an established leader in enterprise-class data management, governance, and compliance software solutions.

RCMP Cybercrime Strategy

RCMP Cybercrime Strategy

The RCMP Cybercrime Strategy sets out in an Operational Framework and Action Plan to combat cybercrime.

Netteam

Netteam

Netteam designs, implements and services networking solutions for companies of all sizes.

Mitre

Mitre

At Mitre we work across government to tackle challenges to the safety, stability, and well-being of our nation. Areas of expertise include Cybersecurity.

ClassNK Consulting Service (NKCS)

ClassNK Consulting Service (NKCS)

ClassNK Consulting provides consulting services to the maritime industry with a focus on safety, security and compliance.

Action1

Action1

Action1 is a Cloud-based lightweight endpoint security platform that discovers all of your endpoints in seconds and allows you to retrieve live security information from the entire network.

OmniCyber Security

OmniCyber Security

Omni is a cyber security firm specialising in Penetration Testing, Managed Security and Compliance.

Axitea

Axitea

Axitea designs, implements and develops the solutions best suited to its customers’ needs and their physical and cyber security requirements.

BitTrap

BitTrap

BitTrap helps companies worldwide detect attackers and put an early end to breaches, preventing data exfiltration and ransomware altogether.

Alkira

Alkira

Alkira has reinvented networking for the cloud era by delivering the network cloud, the first global unified network infrastructure with on-demand hybrid and multi-cloud connectivity.

RiskOptics

RiskOptics

RiskOptics (formerly Reciprocity) equips organizations with one of the most intuitive and powerful information security and cyber risk management solutions in the market.

Commission Nationale de l'Informatique et des Libertés (CNIL)

Commission Nationale de l'Informatique et des Libertés (CNIL)

The mission of CNIL is to protect personal data, support innovation, and preserve individual liberties.

COGITANDA Dataprotect

COGITANDA Dataprotect

COGITANDA are a group of companies focused on dealing with cyber risks, managing them and insuring them.

Dedagroup (Deda)

Dedagroup (Deda)

Dedagroup provide application solutions and IT services to bring innovation at the core of business processes.

Synergy ECP

Synergy ECP

Synergy ECP has a talented, dedicated staff to provide a broad range of services to the defense and intelligence industries.

MODUS X

MODUS X

MODUS X is a Ukrainian IT product and service company created from the IT department of the DTEK Group of Companies.