US Cyber Security Insurance Developments

Uploaded on 2015-05-26 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-Financial

naic_logo.jpg

US insurance regulators have increased their scrutiny of cyber security measures of insurance companies in the light of significant cyber attacks against businesses, including insurance companies.

On 16 April 2015, the NAIC Cybersecurity Task Force adopted twelve “guiding principles” for effective cyber security by insurance companies. This adoption followed the inaugural meeting of the NAIC Cybersecurity Task Force at the NAIC Spring 2015 National Meeting on 29 March 2015. The guiding principles are brief and relatively broad. For example, Principle 2 provides that “Confidential and/or personally identifiable consumer information data that is collected, stored and transferred inside or outside of an insurer’s, insurance producer’s or other regulated entity’s network should be appropriately safeguarded”; similarly, Principle 4 provides that “Cyber security regulatory guidance for insurers and insurance producers must be flexible, scalable, practical and consistent with nationally recognized efforts such as those embodied in the National Institute of Standards and Technology (NIST) framework.”

In addition to the guiding principles, the NAIC Cybersecurity Task Force’s work plan includes development of a “Consumer Bill of Rights” that will set forth consumers’ rights following a data breach at an insurance company; work on NAIC model laws regarding health information privacy, consumer financial and health information, safeguarding of consumer information, and insurance fraud prevention; and survey of states on cyber security measures. 

Beyond the NAIC’s work in this area, various US state insurance regulators have independently been focusing on cyber security issues. In particular, the New York Department of Financial Services (NYDFS) has raised heightened concerns regarding cyber security at entities that it regulates. Following upon its February 2015 Report on Cyber Security in the Insurance Sector, NYDFS issued an information request on 26 March 2015 to the largest insurers in New York requesting a confidential report on their cyber security measures by 27 April 2015. The request is quite detailed in the types of information regarding the insurers’ informational technology/cyber security framework that it demands. It covers issues ranging from the qualification requirements for an insurer’s chief technology officer and information risk management policies (including with respect to third-party vendors) to specific points such as multi-factor authentication and adherence to the NIST framework.
The answers to the request will be used by NYDFS to undertake a “comprehensive risk assessment of each institution” under its supervision. This request follows on the announcement NYDFS made when it released its February report on cyber security that it will “integrate regular, targeted assessments of cyber security preparedness at insurance companies as part of [its] examination process” going forward.

The current pronounced and increasing regulatory focus on cyber security in the insurance industry means that insurance companies, insurance producers and any service providers or vendors for the insurance industry should review their cyber security processes and procedures and prepare for increasing scrutiny and regulation in this area.
Clyde & Co LLP : http://bit.ly/1dutNw7

« Silicon Valley a Major Player in Cyberwarfare
Redefining Your Data Protection Strategy »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Logscape

Logscape

Logscape provides a big data analytical tool for log file analysis and operational analytics.

XCure Solutions

XCure Solutions

XCure Solutions are a Finnish company specializing in data security, data protection and data recovery.

ECOS Technology

ECOS Technology

ECOS Technology specializes in the development and sale of IT solutions for high-security remote access as well as the management of certificates and smart cards.

BHC Laboratory

BHC Laboratory

BHC Laboratory is a cyber capabilities’ development company for a wide range of global customers.

H3Secure

H3Secure

H3 Secure focuses on Secure Data Erasure Solutions, Mobile Device Diagnostics and Information Technology Security Consulting.

AXELOS

AXELOS

AXELOS develops best practice frameworks and methodologies used globally by professionals working primarily in IT management and cyber resilience.

Smart Protection

Smart Protection

Smart Protection are experts in brand and trademark protection - we fight against counterfeits and unauthorized usages of brands with machine learning technology.

ePLDT

ePLDT

ePLDT delivers best-in-class digital business solutions that include Cloud, Cyber Security, purpose-built Data Center facilities and Managed IT Services.

Adarma Security

Adarma Security

Adarma are specialists in threat management including SOC design, build & operation.

Panther Labs

Panther Labs

Panther’s mission is to make security monitoring fast, flexible and scalable for all security teams.

eCentre@LindenPointe

eCentre@LindenPointe

The eCenter@LindenPointe provides assistance to the development, management and promotion of STEM (Science, Technology, Engineering, Mathematics) related business ventures.

Cyber Security Council UAE

Cyber Security Council UAE

The Cyber Security Council's vision is to protect UAE cyberspace, maintain confidence in our digital infrastructure and institutions, and build a cyber-resilient society.

Confidencial

Confidencial

Confidencial is a provider of solutions that help organizations secure their most sensitive information, regardless if that information exists inside or is shared outside the organization.

Knostic

Knostic

Knostic is an early stage startup developing a risk management and governance platform designed for enterprise large language models (LLM).

Zyxel Networks

Zyxel Networks

Zyxel Networks is a leading provider of secure, AI-powered networking solutions for small to medium businesses (SMBs) and the enterprise edge.

Hanwha Systems

Hanwha Systems

Hanwha Systems is a global company based in South Korea providing defense electronics and smart ICT solutions.