Insurance Industry Outlines Cyber Security Guidelines

The National Association of Insurance Commissioners recently published 12 principles, outlining a brave vision for cyber security in the insurance industry. While regulation seems clear and sufficient to some, it is clear that given the current state of affairs with data breaches impacting citizens from virtually every aspect of life, a more collective and proactive approach is a much-desired development.

 

Insurers don’t need us to tell them that the levels of uncertainty and degrees of possible risk have increased over the past couple years as a result of the changes of the threat landscape. The insurance industry’s pioneering approach to cyber insurance reflects a deep understanding of the nature of current and future threats, and encourages a more open and sincere discussion regarding the implications of a mass data breach or malicious intrusion.

 

Last week, Alfa Specialty Insurance Corporation notified around 86,000 individuals that their personal information was accidentally exposed online. In an official statement provided by Alfa, the company admitted that computer servers at a Tennessee location were inadvertently made accessible to the Internet and all potentially impacted individuals were being notified and offered free identity protection and credit monitoring services. The company’s immediate treatment and recovery from the incident was, by any account, swift and effective.

 

The 12 principles express a similar attitude, putting customer data confidentiality and organizational liability in the center. At the same time, insurers are urged to deploy incident-response programs and invest in appropriate steps to ensure third parties and service providers have similar security controls in place.

 

With the dramatic incline in healthcare data breaches resulting in (among other things) the compromise of insurance records, we are confident malicious actors will continue to target insurers in search of exploitable personally identifiable information. With growing investments on the side of health insurers, other insurance services shouldn’t find themselves lagging behind, becoming easier targets.

 

Recently announced Fortscale UBA v1.4 reduces incident response times, with enhanced behavioral models, better anomaly detection, and all new Operational Workflow Integration enabling live stream of Fortscale security insights into any third party using a standard SYSLOG interface to prioritize tasks and rapidly respond to threats. Read more about our latest release and schedule your demo time today.