New York's insurance regulator says his department has sent letters to 31 of the state's largest insurance companies asking what steps they are taking to keep data safe from cyber threats as part of the governor's effort to protect critical infrastructure and information systems.
“The extraordinarily sensitive health, personal, and financial information that New Yorkers entrust to their insurance companies is a virtual treasure trove for hackers,” says Gov. Andrew M. Cuomo, in a statement. “We're intensely focused on making sure that banks have the protections in place they need, but we always have to keep at least one eye on the lookout for the next big threat. It's vital that we stay ahead of the curve on cyber security because we know hackers aren't going to give us any breathing room.”
The New York Department of Financial Services, which regulates both the state's banks and insurers, sent carriers a “308 letter,” which legally requires them to respond to the request.
The department wants information on the “policies and procedures they have in place to protect against cyber-attacks.” Specifically, the state wants data on any cyber-attack the company has experienced the past three years; what safeguards they have in place; their information technology management policies; resources and spending dedicated to cyber security, and risk management controls the carrier has instituted.
Of the 31 companies 11 are P&C companies:
- American International Group
- Allstate
- Berkshire Hathaway (GEICO)
- Chubb
- The Hartford
- Liberty Mutual
- Nationwide
- Progressive
- State Farm
- Tower Group
- Travelers
The request is part of Cuomo's initiative to create the Cyber Security Advisory Board, co-chaired by Superintendent of Financial Services Benjamin M. Lawsky, to advise on developments in cyber security and make recommendations to protect information systems.
Lawsky says cyber security is an issue overlooked at insurance companies, but protecting the sensitive customer data they handle is “too important to get caught in a blind spot.” A similar request for information was sent to the largest banks earlier this year.
“We need to make sure that those insurance records are protected from hack attacks that could put New Yorkers at risk,” he adds, in a statement.
New York Insurance Association President Ellen Melchionni says insurers “take their duty to protect their customers very seriously—which includes the security of policyholder information.”
She says her association will work collaboratively with regulators. Both parties share the same goal—to protect consumers, Melchionni adds.
© Touchpoint Markets, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to TMSalesOperations@arc-network.com. For more information visit Asset & Logo Licensing.