Wall Street regulator weighing insurance industry cyber rules
New York’s top financial watchdog will conduct cybersecurity spot checks on insurers that could lead to new regulations for the industry, following the massive data breach at health insurer Anthem Inc.
{mosads}“Recent cyber security breaches should serve as a stern wake up call for insurers and other financial institutions to strengthen their cyber defenses,” said Benjamin Lawsky, the New York Department of Financial Services (NYDFS) superintendent, in a statement on Monday.
Lawsky has made cybersecurity a focus during his tenure as one of Wall Street’s top cops. In December, his agency revealed it was toughening its cybersecurity exams for the financial sector. It has also been moving forward with strict disclosure requirements for banks using virtual currencies.
In the coming months, Lawsky will turn his department’s focus to insurers. The industry has received considerable attention following the Anthem hack, thought to be the largest health insurance breach to date, exposing 80 million customers’ personal information.
New York state has more than four million of the 80 million customers whose information might have been compromised by the cyberattack.
“Those companies are entrusted with a virtual treasure trove of sensitive customer information that is an inviting target for hackers,” Lawsky said.
NYDFS will begin conducting tests of insurance companies “cybersecurity preparedness,” the department said. Based on its findings, it expects to issue new security standards for the industry.
“Regulators and private sector companies must both redouble their efforts and move aggressively to help safeguard this consumer data,” Lawsky said.
The announcement is timed with the release of an NYDFS report on insurers’ cyber defenses.
The department investigated the security programs at 43 insurance providers, 21 of which were health insurers.
Fifty-eight percent of these insurers said they had not experienced a cybersecurity breach in the last three years. A robust 95 percent thought their security departments were adequately staffed.
But NYDFS also highlighted the fact that only 14 percent of these companies’ CEOs received monthly briefings on information security.
NYDFS wants these briefings to happen on a more structured and regular basis, “particularly given the level of sensitive consumer information that insurers are entrusted with handling.”
Copyright 2024 Nexstar Media Inc. All rights reserved. This material may not be published, broadcast, rewritten, or redistributed..