Understanding Cybersecurity Awareness for Insurance Companies
Cybersecurity threats are one of the greatest challenges facing businesses today. Many businesses, including banks and insurance companies have woefully inadequate security systems to ensure protection of private consumer information. In 2014 Crackers stole personal, financial, and medical information of 80 million customers insured with Anthem Inc., the second largest insurance company in the US.
Following this breach, in July 2015, the Cybersecurity Task Force of the National Association of Insurance Commissioners (NAIC) released a draft version of a 'Bill of Rights' that outlines the Cybersecurity Protection Rights of Insured Consumers to know what personal information has been collected, how it is used and shared, the right to receive written notice of a breach, and assurance that their personal data will be protected by insurance companies and other entities regulated by state insurance departments against loss, undue exposure, and data breach.
Personal information of insured consumers has been vulnerable to data breaches because it often includes social security numbers, financial data, addresses, and even medical information. Although the Bill of Rights will not be legally binding on states, it may encourage state legislators and regulators to augment insured consumer data and breach protections. Several obligations are more stringent than most state and federal breach notification laws. For example, the insured would have the right to receive a minimum of two years of identity theft protection from the regulated organization and, an insurance company must notify the insured of any data breach within 60 days.
Despite the changes, a number of insurance organizations believe that the Bill of Rights could be misinterpreted by consumers, that it fails to address some inconsistencies with state laws, and could entitle consumer protections and insurance company obligations beyond those afforded by federal and state laws.
A deeper and more comprehensive understanding of the NAIC Bill of Rights is critical if insurance companies want to comply with the law and minimize risks to insured consumers. Therefore, it is necessary that insurers develop sound compliance programs and regularly audit and test systems to ensure that they are robust and conforming.
In this two hour LIVE Webcast, a panel of distinguished professionals and thought leaders brought together by The Knowledge Group will help insurance company officials understand the fundamental obligations they face in complying with the NAIC Bill of Rights. Speakers will provide an in-depth discussion of the cybersecurity protection rights of insured consumers and also offer best practices in developing and implementing effective compliance programs.
Key topics include:
- The NAIC Bill of Rights for Insured Consumer Cybersecurity Protection
- Cybersecurity Trends in the Insurance Industry
- Cybersecurity Risks and Pitfalls
- Recent Litigation in the Insurance Industry
- Stringency and Inconsistencies
- Regulatory Forecasts
- Best Cybersecurity Practices
Kenneth Johnston, Partner
Kane, Russell, Coleman & Logan, P.C.
Larry Bowman, Director
Kane, Russell, Coleman & Logan, P.C.
- Can an insured seek coverage for a data breach or other cybersecurity incident under a traditional first or third-party policy? In this section, we will provide an overview of court decisions addressing whether traditional first party and third party policies cover losses caused by a cybersecurity incident, including whether such losses would be covered under the frequently litigated “property damage” or “personal and advertising injury” clauses. Several recent 2014 court decisions have addressed whether “personal and advertising injury” clauses cover the disclosure of customers’ personal information in a data breach. Additionally, we will discuss the potential coverage issues implicated by a cyberattack causing equipment failure or damage.
- What are the issues and uncertainties associated with new cyber insurance policies? In this section, we will discuss a variety of coverage issues associated with new cybersecurity policies, including the scope of coverage for first and third party losses; the type of information disclosure covered; and whether the policy covers vendors’ conduct, often the source of data security problems.
- Sources of cybersecurity best practices: Whether you are assessing an insured’s cybersecurity policies or your own policies, it is important to consider whether the policies of compliance with cybersecurity best practices. Although there are no national statutory cybersecurity standards, various states and federal regulators have proposed standards of reasonable data security including standards promulgated by the Center for Internet Security and the National Institute of Standards and Technology. We will discuss those standards and what commonalities they share.
- Evolving burdens on corporate officers and directors for cyber security best practices.
Patty Patria, Chief Information Officer
- How to convince management that security is a corporate problem, not an IT problem.
- How to create a compressive security culture to help mitigate risk in your organization.
- Provide an overview on how to address policy, business processes, assess risk and review roles to reduce your risk and help your institution become more secure.
- As more information moves to the cloud, make sure you assess your third party providers.
- Information security training is key. Do it often via different mediums for best results.
Adam Meyer, Chief Security Strategist
- Cyber Security is a business problem and not a pure technology problem. Many of today’s threats involve large amounts of fraud and extortion, which cannot be solved by simply deploying another tool.
- Every organizational product or service is dependent on technology to be successful, yet we do not manage it as a risk.
- Look outward and gain visibility of specific “on the horizon” threats to your business
- A majority of breached companies had security tools and staff…Why is it that spending keeps increasing but nothing ever changes?
- If asked, can you answer this question “Are you well positioned for cyber risk? Do you know with certainty that the right resources are deployed to the right areas based off of measured threats?” How does this translate into the insurance policy risk process?
Who Should Attend:
- Cybersecurity Lawyers
- Insurance Litigators
- Insurance CEOs & CFOs
- Insurance Advisers
- Insurance Agencies
- Insurance Risk Officers
- Cybersecurity Professionals
- Insurance Data Security Officers
- Other Interested Professionals
Adam Meyer leads the threat intelligence analyst team at SurfWatch Labs. has served in leadership positions in the defense, technology, and critical infrastructure sectors for more than 15 years. Prior to joining SurfWatch Labs, Mr. Meyer was the Chief Information Security Officer (CISO) for the Washington Metropolitan Area Transit Authority, one of the largest public transportation systems in the United States. Preceding his role as a CISO, Mr. Meyer served as the Director of Information Assurance and Command IA Program Manager for the Naval Air Warfare Center, Naval Air Systems Command one of the Navy's premier engineering and acquisition commands.
Adam Meyer leads the threat intelligence analyst team at SurfWatch Labs. has served in leadership positions in the defense, technology, …
Mr. Johnston, a Director, focuses his practice on class-action and general commercial litigation with an emphasis on financial services, insolvency and creditor rights. He routinely represents financial institutions in a variety of matters, including general bank operations, material defensive litigation, and credit risk management. Mr. Johnston also represents parties on both sides of cases involving oil and gas, partnerships, securities, and corporate governance, as well as investor groups in Ponzi scheme matters. Specific areas include the following: General bank operations, Lender liability defense, Defensive litigation, Statutory and regulatory compliance litigation, Insolvency and creditors' rights, Inter-bank liability.
Mr. Johnston also practices in the Firm's Energy and Investment Fraud Practice Groups. He regularly represents individual and corporate investors in oil and gas fraud matters. He has developed significant expertise in both investigating and prosecuting claims for large investor groups arising from Ponzi schemes. He also represents parties on both sides of cases involving oil and gas, partnerships, securities, and corporate governance.
Mr. Johnston, a Director, focuses his practice on class-action and general commercial litigation with an emphasis on financial services, insolvency …
Mr. Bowman, a director of the Firm in the Dallas office, practices in the Litigation, Large Loss Subrogation, Insurance, Construction and Intellectual Property practices areas. For over 30 years, he has represented clients in complex commercial litigation matters including contractual, tort, construction, product liability, intellectual property, antitrust and securities. Mr. Bowman has represented a broad spectrum of individual corporate and insurance company clientele at trial and in settlement of significant cases.
Mr. Bowman, a director of the Firm in the Dallas office, practices in the Litigation, Large Loss Subrogation, Insurance, Construction …
Patty Patria is the Chief Information Officer at Becker College. She has more than 15 years of experience in the IT industry, with more than 10 in higher education. She is responsible for providing strategic leadership in long-term and short-term planning, managing administrative and academic technology, overseeing the management of computer security, networks, servers, and personal computers, and ensuring compliance with information security laws.
Patty holds a Master of Business Administration from Suffolk University. She is also a certified Project Management Professional (PMP) and Certified Information Systems Security Professional (CISSP).
Patty Patria is the Chief Information Officer at Becker College. She has more than 15 years of experience in the …
Print and review course materials
Method of Presentation:
NASBA Field of Study:
NY Category of CLE Credit:
Unlock All The Knowledge and Credit You Need
Leading Provider of Online Continuing Education
It's As Easy as 1, 2, 3
Get Your 1-Year All Access Pass For Only $199
About SurfWatch Labs
SurfWatch Labs helps organizations and service providers quickly establish a strategic cyber threat intelligence operation that drives more effective use of their tactical defenses.
Founded in 2013 by former US Government intelligence analysts, SurfWatch Labs solutions provide a 360-degree view of cyber threats in the context of your business, along with practical and personalized support to create immediate insights and meaningful action. Combining useful analytics, applications and human expertise, SurfWatch solutions can be your off-the-shelf, cyber threat intelligence team or delivered as a comprehensive product suite that easily integrates with your existing cybersecurity operations.
SurfWatch Labs: Cyber In Sight.
About Kane Russell Coleman & Logan PC
Kane Russell Coleman & Logan PC is a full service law firm with offices in Dallas and Houston. Formed in 1992 with five lawyers, today KRCL has more than 95 attorneys. The Firm provides professional services for clients ranging from Fortune 500 companies to medium-sized public and private companies to entrepreneurs. KRCL handles transactional, litigation and bankruptcy matters in Texas and throughout the country.
About Becker College