[Infowarrior] - Fwd: NY to assess insurance companies

Richard Forno rforno at infowarrior.org
Tue Feb 10 18:28:02 CST 2015 


> From: dan at geer.org
> 
> http://www.dfs.ny.gov/about/press2015/pr1502081.htm
> 
> Press Release
> 
>   February 8, 2015
>   Contact: Matt Anderson, 212-709-1691
> 
> NYDFS ANNOUNCES NEW, TARGETED CYBER SECURITY ASSESSMENTS FOR INSURANCE
> COMPANIES
> 
>   Benjamin M. Lawsky, Superintendent of Financial Services, today
>   announced the release of a Department of Financial Services (DFS)
>   report on cyber security in the insurance industry and a series of
>   measures that DFS will take to help strengthen cyber hacking defenses
>   at insurers. To view a copy of the report, please visit, [66]link.
> 
>   In the coming weeks and months, DFS will integrate regular, targeted
>   assessments of cyber security preparedness at insurance companies as
>   part of the Department's examination process; put forward enhanced
>   regulations requiring institutions to meet heightened standards for
>   cyber security; and examine stronger measures related to the
>   representations and warranties insurance companies receive from
>   third-party vendors, among other measures.
> 
>   Superintendent Lawsky said: "Recent cyber security breaches should
>   serve as a stern wake up call for insurers and other financial
>   institutions to strengthen their cyber defenses. Those companies are
>   entrusted with a virtual treasure trove of sensitive customer
>   information that is an inviting target for hackers. Regulators and
>   private sector companies must both redouble their efforts and move
>   aggressively to help safeguard this consumer data."
> 
>   DFS conducted a survey with respect to cyber security at a significant
>   cross-section of its regulated insurance companies. A total of 43
>   entities, with combined assets of approximately $3.2 trillion,
>   completed a survey seeking information about each participant's cyber
>   security program, costs, and future plans.
> 
>   Notably, the Department's analysis of the insurers surveyed found that
>   a wide array of factors - not just reported assets - affect the
>   sophistication and comprehensiveness of the insurers' cyber security
>   programs. In other words, although it may be expected that the largest
>   insurers would have the most robust and sophisticated cyber defenses,
>   the Department did not necessarily find that to be the case.
> 
>   Moreover, the Department found that 95 percent of insurers already
>   believe that they have adequate staffing levels for information
>   security and only 14 percent of chief executive officers receive
>   monthly briefings on information security. Recent cyber security
>   breaches at financial institutions and other major corporations should
>   serve as a wake up call for insurers to strengthen their cyber defenses
>   - particularly given the level of sensitive consumer information that
>   insurers are entrusted with handling.
> 
>   In addition to today's report and actions related to the insurance
>   industry, DFS has also taken a series of steps to help strengthen cyber
>   security in the banking sector. In [67]December 2014, DFS issued
>   industry guidance to all its regulated banks outlining the specific
>   issues and factors on which those institutions will be examined as part
>   of new targeted, DFS cyber security preparedness assessments. Among
>   other factors, banks will be examined on their protocols for the
>   detection of cyber breaches and penetration testing; corporate
>   governance related to cyber security; their defenses against breaches,
>   including multi-factor  authentication; and the security of their
>   third-party vendors.
> 
>   DFS has also issued a consumer alert for Anthem (the owner of Empire
>   Blue Cross Blue Shield) in light of the recent data breach at that
>   company. There are more than 4 million Empire Blue Cross Blue Shield
>   customers in New York. To view a copy of that consumer alert, please
>   visit, [68]link.
> 
>   ###
> 
>   Your browser does not support iFrames
> 
> References
> 
>  65. http://www.dfs.ny.gov/insurance/news1.htm
>  66. http://www.dfs.ny.gov/reportpub/dfs_cyber_insurance_report_022015.pdf
>  67. http://www.dfs.ny.gov/about/press2014/pr1412101.htm
>  68. http://www.dfs.ny.gov/consumer/alert_anthem_data_breach.htm
>

More information about the Infowarrior mailing list