VIEWPOINTS

Hiring a CISO is the Next Step for Insurance Carriers

Mitchell Wein | July 10, 2017

Cybersecurity is top of mind for insurers following the implementation of New York State’s new cybersecurity regulations this spring. While these currently only affect carriers operating in New York, other states seem likely to adopt versions of the regulations rather than wait on the NAIC’s Model Law.

These regulations are notable for their unprecedented standards and strict requirements, including instituting a formal CISO, documenting policies, and submitting to regular assessments. Despite having until February 2018 to comply with the new regulations, carriers are already anticipating shifts in both resources and strategies.

One of the greatest challenges insurers will face in light of these new regulations will be hiring a dedicated CISO, as CISOs come with a hefty price tag and are in relatively short supply. This will be especially difficult for small carriers, which may need to consider partnering with certified vendors that would operate on behalf of the insurer and be subject to the same regulatory standards as the carrier. While many mid-sized insurers will name their CIO or COO the CISO, with a domain expert to support them, Novarica believes that hiring a designated CISO is a good idea given the risks and complexity involved.

Additionally, carriers will be required to establish and maintain cybersecurity programs with a host of regulatory requirements, as well as submit to risk assessments at least annually, and vulnerability assessments bi-annually. Insurers will also need to establish policies and procedures for the destruction of nonpublic information that is no longer required.

It should be noted that the definition of “nonpublic information” in New York General Business Law is substantially more expansive than “private information” as defined in the proposed NAIC regulation, making for a significant data management burden. Novarica studies show that insurers spend an average of 10 percent of IT budgets on security, but it is clear that these additional requirements, along with any possible technology investments necessitated by the new regulations, will drive that cost up, requiring CIOs to rethink other IT priorities.

