Insurance Industry Cybersecurity IT Assistance Service


Insurance Companies and Brokers are facing increased requirements from State Departments of Insurance regarding their need for a robust IT Cybersecurity Program, which includes the following elements:
  • Risk Assessment and Research
  • Written Cybersecurity Policies and Procedures
  • IT Backup, Disaster Recovery, and Business Continuity Plans
  • Access Restrictions
  • Patch and Vulnerability Management and Scans
  • Penetration Testing
  • Password Policy
  • CISO – Chief Information Security Officer
  • Cybersecurity Personnel or Third-Party Service Provider Security Policy
  • Incident Response Plans
  • Data Retention Policies
  • Training and Monitoring
  • Encryption of HIPAA protected information
  • Audit Trail
  • Vetting of all third party vendors involved in handling or processing data
…and many more.

Your company is responsible for complying with all aspects of this program and for supervising it, even if you outsource the capabilities to third parties. Many carriers and brokers are facing the need to put a Cybersecurity program in place or enhance their current approach as the DOI scrutiny increases in this area.

System Infrastructure Innovators staff have decades of experience with insurance (Life and P&C), IT applications, infrastructure and security and experience in meeting and responding to regulatory requirements. We assist our clients in establishing Cybersecurity programs that will meet regulatory requirements and in designing and implementing IT solutions to respond to or prepare for a State Department of Insurance IT Examination. 

For example, the New York State Department of Financial Services Cybersecurity Regulation is regarded as a template for many other states’ cybersecurity regulations. Here are a few key provisions of that regulation. SII can help determine whether your company is in compliance with them and, if not, help you get there:
  • You must designate a CISO for your firm.
  • You must have a cybersecurity program and written IT Security Policies to protect your IT systems and data.
  • If your company uses third-party service providers, you must have written policies to protect the information systems that are accessible to them.
  • You must also perform due diligence on your third-party providers to assess THEIR security and ensure that they follow your IT Security Policies.
  • You must file an annual compliance certification.
  • You must provide cybersecurity training.
  • You must employ technology controls for cybersecurity.
Can you comply with the above? This is only a small part of the New York State regulation. What does your State require? System Infrastructure Innovators can help you get compliant and stay compliant.
Podcast: Cyber Regulations & Business Risks

Insurance Companies and many Brokerage Groups are facing increased scrutiny by Departments of Insurance in their examinations of their Cyber Security Practices. While New York State has taken the lead in this area, most other state DOIs are adopting similar regulatory review structures. Many insurance companies are finding an immediate need to put in place new policies and processes to improve or strengthen their cybersecurity posture and need to understand the gaps between their current state and where they need to be. Other companies have had exams and need assistance in responding to a regulatory exam of their cybersecurity readiness and need to develop specific plans to address deficiencies.
On this podcast, Jim Klinck from System Infrastructure Innovators, along with Christa Rapoport, from Nelson Taplin Goldwater, and Tim Pazda, from BlackStratus, discuss the impact of Cybersecurity and its effects on the insurance industry and regulations. They offer their suggestions and ideas on specific cybersecurity problems, share their insight on being proactive, and describe in detail how companies can prepare for an attack as well as respond and recover from it. They also discuss specific states and their corresponding regulations when it comes to cybersecurity laws.  

“You can’t protect the data if you don’t understand where it is and what you’re collecting.” 

– Jim Klinck, Executive Consultant, System Infrastructure Innovators