Should Insurers Expect More Cybersecurity Mandates?

Though the National Association of Insurance Commissioners established a cybersecurity task force following its January meeting, the agency’s keen interest in the insurance industry’s cybersecurity practices was well known, carriers and observers tell Insurance Networking News.

NAIC actually created the cybersecurity task force late last year, notes Thomas Dunbar, chief information risk officer for XL Group. “There was little information on the group, but it was expected that the charges for this group will include both cyber insurance issues as well as data standard issues. Time will tell how this committee evolves and addresses items such as the various state privacy requirements,” Dunbar continues. “Perhaps this will help drive the industry to a nationwide standard of protection and direction.”

Even before the initial task force was sketched out, the NAIC had a history of examining data security, according to Alex Hageli, director of personal lines policy at the Property Casualty Association of America.

“A few key commissioners at the NAIC were heavily involved in an effort a few years ago to increase department of insurance involvement with insurer data breach notification and reporting, so in one sense this is really more the culmination of prior interest and activity,” Hageli said. “With recent breaches, there’s much greater attention to this space at the NAIC. And the creation of a task force is a more formal approach than what preceded it.” 

Insurers can expect to be surveyed, Hageli said, and should stay abreast of discussions happening both in Congress and within the industry. After all, insurers are not only stewards of their own data, but also insure risk associated with cyber threats at large.

“Cybersecurity is a key priority for the industry as insurers provide protection against the risk from cyber-attacks,” Hageli said. “Insurers also want to better underwrite the product as well as protect policyholder data.”

And that data is gathered and stored in an increasing number of channels. Novarica analyst Tom Benton said that in November, the NAIC said it will consider issues “such as information stored at carriers and at NAIC, consumer information collected by insurers, connected devices as new channels for cyber threats and information collected by carriers offering cybersecurity protection products.”
