US Cyber Security Insurance Developments


US insurance regulators have increased their scrutiny of cyber security measures of insurance companies in the light of significant cyber attacks against businesses, including insurance companies.

On 16 April 2015, the NAIC Cybersecurity Task Force adopted twelve “guiding principles” for effective cyber security by insurance companies. This adoption followed the inaugural meeting of the NAIC Cybersecurity Task Force at the NAIC Spring 2015 National Meeting on 29 March 2015. The guiding principles are brief and relatively broad. For example, Principle 2 provides that “Confidential and/or personally identifiable consumer information data that is collected, stored and transferred inside or outside of an insurer’s, insurance producer’s or other regulated entity’s network should be appropriately safeguarded”; similarly, Principle 4 provides that “Cyber security regulatory guidance for insurers and insurance producers must be flexible, scalable, practical and consistent with nationally recognized efforts such as those embodied in the National Institute of Standards and Technology (NIST) framework.”

In addition to the guiding principles, the NAIC Cybersecurity Task Force’s work plan includes development of a “Consumer Bill of Rights” that will set forth consumers’ rights following a data breach at an insurance company; work on NAIC model laws regarding health information privacy, consumer financial and health information, safeguarding of consumer information, and insurance fraud prevention; and a survey of states on cyber security measures.

Beyond the NAIC’s work in this area, various US state insurance regulators have independently been focusing on cyber security issues. In particular, the New York Department of Financial Services (NYDFS) has raised heightened concerns regarding cyber security at entities that it regulates. Following upon its February 2015 Report on Cyber Security in the Insurance Sector, NYDFS issued an information request on 26 March 2015 to the largest insurers in New York requesting a confidential report on their cyber security measures by 27 April 2015. The request is quite detailed in the types of information it demands regarding the insurers’ information technology/cyber security framework. It covers issues ranging from the qualification requirements for an insurer’s chief technology officer and information risk management policies (including with respect to third-party vendors) to specific points such as multi-factor authentication and adherence to the NIST framework.
The answers to the request will be used by NYDFS to undertake a “comprehensive risk assessment of each institution” under its supervision. This request follows on the announcement NYDFS made when it released its February report on cyber security that it will “integrate regular, targeted assessments of cyber security preparedness at insurance companies as part of [its] examination process” going forward.

The current pronounced and increasing regulatory focus on cyber security in the insurance industry means that insurance companies, insurance producers and any service providers or vendors for the insurance industry should review their cyber security processes and procedures and prepare for increasing scrutiny and regulation in this area.
Clyde & Co LLP : http://bit.ly/1dutNw7
