Two months after the New York State Department of Financial Services (“DFS”) stated that DFS-regulated banks would be examined as part of new targeted DFS cyber security preparedness assessments, the DFS announced today a series of measures that it will take to help strengthen cyber-hacking defenses in the insurance industry. In conjunction with its release of a report on cyber security in the industry, the DFS announced in a press release that, in the coming weeks and months, it will “integrate regular, targeted assessments of cyber security preparedness at insurance companies as part of the Department’s examination process; put forward enhanced regulations requiring institutions to meet heightened standards for cyber security; and examine stronger measures related to the representations and warranties insurance companies receive from third-party vendors, among other measures.”
In surveying a cross-section of its regulated insurance companies for its report, the DFS noted a wide array of factors that affect the sophistication and comprehensiveness of the insurers’ cyber security programs. In that regard, the DFS found that insurers, in general, were not implementing sufficiently robust cyber security systems and defenses, requiring regulatory action to ensure that appropriate standards were being considered and activated at the highest executive levels to protect consumer information from disclosure in the event of a breach.
The DFS’s action comes just days after the nation’s second-largest health insurance company, Anthem Inc., announced that upwards of 80 million of its customers may have had their account information stolen through a sophisticated external cyberattack, which would make it the largest breach of health care information to date.