For insurance company Chief Risk Officers, evolving and increasing cybersecurity risks will be hard to ignore in 2017. In addition to fending off cyber-attacks like every enterprise must, insurance companies also will face new legal and regulatory cyber challenges by way of a groundbreaking regulation from New York’s Department of Financial Services and possibly a Model Law from the National Association of Insurance Commissioners. Meanwhile, insurers are writing more cyber coverage, triggering concerns about cyber events simultaneously affecting multiple insureds across the insurer’s portfolio, leading to massive aggregated losses. While addressing these “noisy” cyber risks will not be an easy task from a risk management perspective, a more subtle and potentially more dangerous cyber risk – a “silent” cyber risk – likely will prove to be even more challenging for today’s CROs.
This is an unprecedented time for insurers. As margins associated with conventional lines of coverage continue to tighten, pressure is increasing to offer new forms of coverage to respond to the emerging cyber threats facing insureds in today’s digital economy. At the same time, insurers are compelled to make certain that those risks are effectively excluded from coverage under many other “traditional” policy forms.
New York State’s Department of Financial Services (DFS) has just released its revised first-in-nation proposed cybersecurity regulation. In formulating the revised proposal, DFS took into account the more than 150 comments it received with regard to its original proposal, which was released in September 2016. Although the new proposal maintains many of the requirements of the initial proposal, such as the requirements for a Cybersecurity Program, a written Cybersecurity Policy, and the designation of an individual responsible for the program’s implementation and oversight, the new proposal differs in a number of very significant ways, highlighted below:
Ownership of a company’s cybersecurity is akin to an issue like climate change or eco-preservation: It’s a concern that touches everyone. For cybersecurity, however, universal ownership may not be the best approach to ensure accountability.
More and more employees are using their own devices for work-related purposes, and corporate “bring your own device” (BYOD) policies deal with the technologies associated with those devices. BYOD policy writers should consider how the policy will affect the different internal departments within the corporation. This article highlights some of the specific internal stakeholders and their concerns with respect to the policy.
Originally posted in Bloomberg.
Email practices are one of the most vexing and pressing concerns for companies. Even though other media are now being adopted, email is still the primary method of business communication. Unfortunately, it also creates inefficiencies and presents tremendous cybersecurity risks.