On February 9, 2015, the New York State Department of Financial Services (“DFS”) released a report addressing cybersecurity in the New York insurance industry. DFS also announced a series of measures it will take to help improve insurers’ defenses against cyber hacking.
DFS’s Report on Cyber Security in the Insurance Sector was based on a survey of 43 insurance entities, 21 of which were health insurance providers, 10 of which were life insurance providers, and 12 of which were property/casualty insurance providers. The survey was conducted in 2013 and 2014. The survey’s findings included, among others, the following statistics:
- 35% of insurers experienced between 1-5 cybersecurity breaches in the 3 years preceding the survey
- 5% of insurers experienced more than 10 cybersecurity breaches
- 40% of insurers need more robust protocols to address cybersecurity risks
- 86% of chief executive officers are not regularly briefed on information security
- 23% of insurers suffered $250,000.00 or less in financial losses in the past 12 months as a result of cybersecurity breaches
In response to these findings, DFS will implement a number of initiatives to help strengthen DFS-regulated insurance companies’ cybersecurity measures. One of these initiatives will incorporate cybersecurity preparedness assessments into the department’s existing examination process. DFS will also implement enhanced regulations that will require insurers to meet heightened standards for cybersecurity. The department will also introduce tougher measures related to the representations and warranties insurance companies receive from third-party vendors dealing with online data storage and usage.
DFS has been making a concentrated effort to focus its attention on improving cybersecurity and providing guidance to help protect both financial institutions and their customers. In addition to releasing the report, DFS issued a consumer alert for Anthem (the owner of Empire Blue Cross Blue Shield) in light of the recent cybersecurity attack on the insurer. According to DFS, there are more than 4 million Empire Blue Cross Blue Shield customers in New York whose personal information may have been compromised. Following the massive attack on Anthem, President Obama’s top advisers also got involved, asking Congress to take actions that would strengthen consumer data protections.
PIB Law represents national banks, retailers, reinsurers, insurers, mortgage lenders and financial services companies from its offices in New Jersey, New York City, Philadelphia, Orange County, Boston, San Antonio, and Chicago. For more information on reinsurance and insurance issues, contact PIB Law at 908-725-9700.