April 22, 2015
Security Initiatives: NAIC's Cybersecurity Task Force
By: Leslie Kosal
As a follow-up to our previous post from Tim Owen on producer security, Vertafore's Sircon team is closely monitoring initiatives in the industry today to not only protect producers, but the insurance industry as a whole.
How is the NAIC addressing these heightened changes in security?
NAIC Spring Meeting Recap
During their most recent national meeting, the NAIC made it apparent that a focus on cybersecurity is prevalent throughout the insurance world. Regardless of how well an individual, carrier, agency, etc. secures information, they are still vulnerable to a breach of information if they're sharing with a system that isn't as secure.
One commissioner summed up the idea in a short sentence: "A carrier is only as secure as their weakest vendor."
While standards and guidelines have long been established in the information technology world, until recently there have been no insurance-specific guiding principles. This is why the NAIC recently formed the new Cybersecurity Task Force, which has already drafted initial cybersecurity guiding principles.
The NAIC Spring meeting launched the Cybersecurity Task Force and the role this committee will play in insurance security.
Cybersecurity Task Force
The first ever Cybersecurity Task Force session was a packed house. The session included a review of the new group's goals, as well as information from Anthem on the security breach that has triggered much of industry's recent focus on security.
The Cybersecurity Task Force will undertake several responsibilities to ensure progress is being made. According to the NAIC website, they will report directly to the Executive Committee and specifically be responsible for the following in cybersecurity:
1. Monitor developments in the area of cybersecurity.
2. Advise, report and make recommendations to the Executive (EX) Committee on cybersecurity issues.
3. Coordinate activities with NAIC standing committees and their task forces and working groups regarding cybersecurity issues.
4. Represent the NAIC and communicate with other entities/groups, including the sharing of information as may be appropriate, on cybersecurity issues.
5. Perform such other tasks as may be assigned by the Executive (EX) Committee relating to the area of cybersecurity
After the NAIC meeting, the Cybersecurity Task Force released an update to their guiding principles document, which can be found here.
The Future of Security
As part of our commitment to security, Vertafore is continually evolving and responsive to cyber security, including monitoring new national initiatives.
Staying up to date on these new initiatives in security is vital, as you will need to incorporate them into your compliance activities. In the future, carriers will also see additions to the areas that are reviewed by states during regulatory examinations.
The Sircon Team at Vertafore is currently reviewing the Cybersecurity Task Force draft principles and will be participating in the NAIC/NIPR e-Reg Conference next week
Did you like this post?
Leslie Kosal is Director of Product Management for Sircon for States® and core regulatory products in Vertafore's Sircon solution portfolio. While most of her colleagues know her as their friendly neighborhood insurance licensing expert, Leslie is also a co-owner of a beer & wine store with her husband in Okemos, Michigan.