April 22, 2015

Security Initiatives: NAIC's Cybersecurity Task Force

By: Leslie Kosal

As a follow-up to our previous post from Tim Owen on producer security, Vertafore's Sircon team is closely monitoring initiatives in the industry today to not only protect producers, but the insurance industry as a whole.

How is the NAIC addressing these heightened changes in security?

NAIC Spring Meeting Recap

During their most recent national meeting, the NAIC made it apparent that a focus on cybersecurity is prevalent throughout the insurance world. Regardless of how well an individual, carrier, agency, etc. secures information, they are still vulnerable to a breach of information if they're sharing with a system that isn't as secure.

One commissioner summed up the idea in a short sentence: "A carrier is only as secure as their weakest vendor."

While standards and guidelines have long been established in the information technology world, until recently there have been no insurance-specific guiding principles. This is why the NAIC recently formed the new Cybersecurity Task Force, which has already drafted initial cybersecurity guiding principles.

The NAIC Spring meeting launched the Cybersecurity Task Force and the role this committee will play in insurance security.

Cybersecurity Task Force

The first ever Cybersecurity Task Force session was a packed house. The session included a review of the new group's goals, as well as information from Anthem on the security breach that has triggered much of industry's recent focus on security.

The Cybersecurity Task Force will undertake several responsibilities to ensure progress is being made. According to the NAIC website, they will report directly to the Executive Committee and specifically be responsible for the following in cybersecurity:

1.  Monitor developments in the area of cybersecurity.
2.  Advise, report and make recommendations to the Executive (EX) Committee on cybersecurity issues.
3.  Coordinate activities with NAIC standing committees and their task forces and working groups regarding cybersecurity issues.
4.  Represent the NAIC and communicate with other entities/groups, including the sharing of information as may be appropriate, on cybersecurity issues.
5.  Perform such other tasks as may be assigned by the Executive (EX) Committee relating to the area of cybersecurity

After the NAIC meeting, the Cybersecurity Task Force released an update to their guiding principles document, which can be found here.

The Future of Security

As part of our commitment to security, Vertafore is continually evolving and responsive to cyber security, including monitoring new national initiatives.

Staying up to date on these new initiatives in security is vital, as you will need to incorporate them into your compliance activities. In the future, carriers will also see additions to the areas that are reviewed by states during regulatory examinations.

The Sircon Team at Vertafore is currently reviewing the Cybersecurity Task Force draft principles and will be participating in the NAIC/NIPR e-Reg Conference next week

Did you like this post?

---