Insurance carriers, with their large repositories of high-value personally identifiable information (PII), are increasingly threatened by cyber attacks from bad actors globally. Such attacks could have an immense impact, affecting not only the carriers but also their insureds, and even rippling through customer supply chains.
Executive SummaryAs the frequency and severity of high-profile cyber attacks escalate, federal and state governments are imposing regulations that require organizations to demonstrate better preparedness and resilience in the event of a cyber attack. This article is part of a three-part series. In Part 2, "Becoming Cyber Resilient: A Seven-Step Guide for Insurers," FTI Consulting's Scott Corzine provides insights and guidelines for addressing these requirements and putting organizations on a path toward better preparedness and resilience to a cyber attack. In Part 3, he drills down on one specific recommendation, explaining the basics of "Preparing a Cyber Incident Response Plan."
The potential damage from such threats is underscored by the impact of recent attacks on large companies in numerous sectors, including retail, financial, entertainment and health insurance as well as a U.S. government agency. Such attacks have the potential to embarrass management, place valuable relationships at risk, result in employment terminations and influence governments.
Successful attacks have increased the urgency for insurers to be prepared and have prompted state and federal government legislatures and agencies as well as many security-related organizations to up the ante for companies to improve their cybersecurity preparedness. For example, following the recent cybersecurity breach of a large health insurance company, members of the National Association of Insurance Commissioners (NAIC) are calling for a multistate examination of the company and its subsidiaries. (Source: Feb. 12, 2015 press statement titled “NAIC Reminds Consumers to Take Steps to Protect Themselves From Identity Theft Following Anthem Security Breach.)