This latest edition of Milliman Impact entitled “Bolstering insurers’ cyber defences” explores the efforts of U.S. insurance regulators to address cyber security risks.
Here’s an excerpt:
Unsurprisingly, insurer cyber security has become an important issue for US regulators in recent years.
In the spring of 2015, the New York insurance supervisor wrote to more than 160 insurers encouraging them to view cyber security as an integral aspect of their overall risk management strategy. It also announced enhancements to the IT examination framework to include more detailed questions on an insurer’s cyber security policies, protections, and procedures.
More significantly, the NAIC has engaged in a burst of activity, having taken the significant step of establishing a Cyber Task Force in November 2014.
Creating the task force demonstrates US insurance supervisors’ commitment to addressing cyber security in the insurance sector, according to Christine Fleming, claims management consultant at Milliman in Boston….
The task force’s comprehensive work plan and timetable speaks volumes to the significance and urgency that US insurance supervisors and commissioners now place on cyber security, explains Fleming.
The task force is concerned with both the protection of consumer data held by insurers and improved monitoring of insurers cyber underwriting activities and exposures. During 2015, the NAIC embarked on four major work streams:
• Establishing guiding principles on cyber regulation
• Creating a Consumer Bill of Rights
• Modernising examination protocols to include cyber security
• Including a cyber security statement in insurers annual statement