Cybersecurity is top of mind for insurers following the implementation of New York State’s new cybersecurity regulations this past March. While these currently only affect carriers operating in NY, other states seem likely to adopt versions of the NYS regulations rather than wait on the NAIC’s Model Law. These regulations are notable for their unprecedented standards and strict requirements, including instituting a formal CISO, documenting policies, and submitting to regular assessments. Despite having until February 2018 to comply with the new regulations, carriers are already anticipating shifts in both resources and strategies.

One of the greatest challenges insurers will face in light of these new regulations will be hiring a dedicated CISO, as they come with a hefty price tag and are in relatively short supply. This will be especially difficult for small carriers that may need to consider partnering with certified vendors that would operate on behalf of the insurer and be subject to the same regulatory standards as the carrier. While many mid-sized insurers will name their CIO or COO the CISO with a domain expert to support them, Novarica believes that hiring a designated CISO is a good idea given the risks and complexity involved.

Register or login for access to this item and much more

All Digital Insurance content is archived after seven days.

Community members receive:
  • All recent and archived articles
  • Conference offers and updates
  • A full menu of enewsletter options
  • Web seminars, white papers, ebooks

Don't have an account? Register for Free Unlimited Access