Navigating Cyber Security Risks and Regulatory Challenges in Today's Insurance Market
By Jessica Lasher, National Life Group
I recently attended an IASA eLearning webinar entitled “The Changing Face of Cyber Security Risk and Regulation.” The speakers of the session, Jerry Ravi, Venkat Rao, and Jack Hewitt, provided their respective industry insights on the cyber security landscape as it related to both cyber security risks to an organization and the regulatory compliance requirements that it will likely face going forward.
Jerry Ravi, a Partner at EisnerAmper LLP, tapped into his enterprise risk management background to set the stage on the cyber security risk landscape that insurers currently face. Jerry walked attendees through the changing data model and the increasing influence digital initiatives have in the insurance industry. With this changing model and migration to a world of mobile micro-insurance, wearables, smart contracts and commercial drone usage, it was clear to me that the cyber security risks are continuously increasing. Jerry led the presentation off with the adage “An ounce of prevention is worth a pound of cure” and provided some facts about the costs of a breach that reinforced this idea. Most interestingly, he noted that the average cost of a data breach is $4 million.
What I found troubling was that many data breaches are the result of insider negligence, whereby an employee clicks on links that allow ransomware and phishing attacks to infiltrate an organization’s network. In many cases, an organization may not know that it has been compromised or that a breach has occurred, and as a result the theft and loss may continue undetected. This was an unsettling group of facts that highlighted the importance of prevention and justified the steps the regulators are taking to protect consumers.
Venkat Rao, a Director with EisnerAmper’s Global Compliance and Regulatory Solutions group, then kicked off what the remainder of the presentation focused on: the current regulatory landscape of cyber security. Venkat discussed the evolution of the cyber security regulatory environment and drew attention to several key themes from the various regulatory initiatives: Governance and Risk Assessments, Safeguard Customer Data, Breach Reporting, Periodic Testing, AML implications, and Training. Venkat then provided some real-life examples of instances where data breaches exposed deficiencies in the organization’s compliance with regulations. Perhaps the most interesting was a case where a company did not properly restrict sensitive data and, as a result, data that an employee was able to transfer to a personal server was stolen and offered up for sale on the internet.
Jack Hewitt, a Partner at Pastore & Dailey LLC, went into detail on the newly adopted NYDFS cyber security rules and regulations. With the growing emphasis on cyber security policies and procedures, it became clear to me that the NYDFS rules were perhaps the first of many from state regulators looking to formalize rules and regulations around cyber security.
The speakers did a great job highlighting the cyber landscape and sharing their perspectives based on their respective fields and areas of expertise. I highly recommend this webinar to everyone in the insurance industry as it provides a great snapshot of cyber security risks and regulatory challenges within our industry. This webinar is archived in IASA’s member-only archives and has also been made available to the public as part of an IASA membership marketing initiative. You can find this on-demand event at www.iasa.org/iasamembership.