Cybersecurity Issues in Insurance: Recent Trends and Developments

In January 2015, health insurer Anthem, Inc. announced a major cyber breach that compromised the private health and personal information of approximately 80 million customers. Anthem has projected its cost stemming from this breach at upwards of $230 million, which will include the expense of future cybersecurity protection for affected and future customers. The attack was a critical reminder that more businesses, especially insurers, will be forced to confront cybersecurity issues into the foreseeable future. Fortunately, businesses, along with the federal and many state governments, heeded the lessons from Anthem’s attack and undertook varying measures that yielded significant developments in cybersecurity just within the past year.

Cyber or data security encompasses the processes, procedures, technologies, and preventative measures used to protect information stored electronically on network systems from the threat of unauthorized disclosure. Threats originate from outsiders, such as hackers, organized criminal networks, and even foreign governments, as well as organizational insiders such as disgruntled employees and third party vendors. Insurance companies are particularly at risk from cyber attacks and other data breaches because of the large amount of private information on their policyholders that they store on their systems. Breaches can result in this information being compromised and potentially exploited by criminals, resulting in substantial exposure to the insurer.

It is therefore not surprising that insurance regulators have taken measures to evaluate the effectiveness of insurance companies’ cyber defenses. Almost every state has enacted some sort of cybersecurity legislation, and over half of the state legislatures introduced or considered bills dealing with data breach notification requirements in 2015. Additionally, state regulators, individually and through the National Association of Insurance Commissioners (NAIC), have issued new guidance for insurers to consider in developing their cyber-defenses and related protocols.

Continue reading via the View Media link.