Schneier on Security

SEPTEMBER 10, 2019

Good paper on cybersecurity insurance: both the history and the promise for the future. From the conclusion: Policy makers have long held high hopes for cyber insurance as a tool for improving security. Cyber insurance appears to be a weak form of governance at present.

Insurance 81

Insurance Cybersecurity Risk Paper 81

Data Matters

FEBRUARY 2, 2021

The National Association of Insurance Commissioners’ (NAIC) Insurance Data Security Model Law has been adopted in at least 11 states, with several others (including New York) having implemented either older or similar laws or administrative guidance. See State Legislative Brief, NAIC, June 2020.

Insurance 114

Insurance Security Compliance Cybersecurity 114

eSecurity Planet

APRIL 22, 2022

That’s where cyber insurance may be able to help. If your company has not already experienced a significant cybersecurity event, it is probably only a matter of time before it does. But there’s a catch: Insurers are going to carefully assess your cybersecurity controls before writing any policy, and there are limits to coverage.

Insurance 97

Insurance Ransomware Cybersecurity Marketing 97

Data Protection Report

MARCH 21, 2023

The French Information and Digital Security Experts Club ( CESIN ) has estimated that 54% of French companies were subject to cyberattacks in 2021, [1] while France Assureurs has put cyberattack risks on top of all other risks for the sixth year in a row. [2] 12-10-1 into the French Insurance code. However, in the end, Article L.12-10-1

Insurance 104

Insurance Data breaches Personal data GDPR 104

Data Matters

OCTOBER 20, 2022

Treasury Department is seeking public comment on the need and scope for a potential federal insurance response to catastrophic cyber incidents, akin to the one put in place for terrorism insurance after the attacks of September 11, 2001. The request, published by the Federal Insurance Office (FIO) in the U.S. Background.

Insurance 88

Insurance Marketing Cybersecurity Risk 88

Security Affairs

APRIL 23, 2023

Non-profit health insurer Point32Health suffered a ransomware attack and has taken systems offline in response to the incident. Non-profit health insurer Point32Health has taken systems offline in response to a ransomware attack that took place on April 17. ” reads the statement published by the insurer.

Insurance 76

Insurance Ransomware Cybersecurity Education 76

Schneier on Security

JULY 1, 2021

Here’s one more contribution to that issue: a research paper that the insurance industry is hurting more than it’s helping. Although it is a societal problem, cyber insurers have received considerable criticism for facilitating ransom payments to cybercriminals. Often, that’s paying the ransom. News article.

Insurance 108

Insurance Ransomware Paper Marketing 108

The Last Watchdog

JANUARY 20, 2020

To help mitigate the risk of financial losses, more companies are turning to cyber insurance. Related: Bots attack business logic Cyber insurance, like other forms of business insurance, is a way for companies to transfer some of numerous potential liability hits associated specifically with IT infrastructure and IT activities.

Insurance 171

Insurance Data breaches Cybersecurity Risk 171

Thales Cloud Protection & Licensing

MAY 10, 2022

Checklist for Getting Cyber Insurance Coverage. The necessity for cyber-insurance coverage. And while organizations are taking steps to protect against cyber attacks, cybersecurity controls are not impenetrable. Cyber risk insurance covers the costs of recovering from a security breach, a virus, or a cyber-attack.

Insurance 77

Insurance Authentication Risk Ransomware 77

Security Affairs

APRIL 22, 2022

When security fails, cyber insurance can become crucial for ensuring continuity. Our reliance on digital technology and the inherited risk is a key driving factor for buying cyber risk insurance. If the technology were to become unavailable, the resulting business impact could be mitigated with cyber insurance.

Insurance 78

Insurance Risk Cybersecurity Ransomware 78

eSecurity Planet

MAY 27, 2021

The explosion of ransomware and similar cyber incidents along with rising associated costs is convincing a growing number of insurance companies to raise the premiums on their cyber insurance policies or reduce coverage, moves that could further squeeze organizations under siege from hackers. Insurers Assessing Risks.

Insurance 127

Insurance Ransomware Risk Data science 127

Daymark

AUGUST 15, 2023

A CISO Primer on Navigating Cyber Insurance After 10+ years of working with clients to negotiate and place cyber insurance, I’ve noticed that one of the most frequent challenges has always been getting the underwriters and my client’s information security stakeholder (like a CISO or CIO) to understand each other.

Insurance 52

Insurance Information Security Communications Security 52

Dark Reading

SEPTEMBER 21, 2022

After one company suffered a breach that could have been headed off by the MFA it claimed to have, insurers are looking to confirm claimed cybersecurity measures.

Insurance 74

Insurance Cybersecurity Security IT 74

Krebs on Security

JULY 21, 2023

But one aspect of that vaunted list that hasn’t shifted much since is that very few of these companies list any security professionals within their top executive ranks. But organizations that do not offer this coverage to their security leaders are unlikely to list those positions in their highest ranks, Schreider said.

Security 201

Security Risk Insurance Cybersecurity 201

Hunton Privacy

AUGUST 6, 2019

On August 2, 2019, New Hampshire Governor Chris Sununu signed into law SB 194 (the “Bill”), which requires insurers licensed in the state (“licensees”) to put in place data security programs and report cybersecurity events. Key provisions of the Bill include: Information Security Program. Incident Response Plan.

Insurance 81

Insurance Security Cybersecurity Information Security 81

Data Matters

JANUARY 14, 2019

On December 19, 2018, Ohio adopted the National Association of Insurance Commissioners’ (NAIC) Insurance Data Security Model Law. The Act is designed to “establish standards for data security and for the investigation and notification to the Superintendent of Insurance of a cybersecurity event.”.

Insurance 68

Insurance Security Cybersecurity Data breaches 68

Hunton Privacy

FEBRUARY 21, 2024

Department of Health and Human Services (“HHS”) Office for Civil Rights (“OCR”) and the National Institute of Standards and Technology (“NIST”) published a final version of Special Publication 800-66 Revision 2, “Implementing the Health Insurance Portability and Accountability Act (“HIPAA”) Security Rule: A Cybersecurity Resource Guide.”

Cybersecurity 52

Cybersecurity Insurance Risk Information Security 52

Hunton Privacy

JULY 1, 2022

(“Carnival”), the world’s largest cruise-ship operator, for violations of the Cybersecurity Regulation (23 NYCRR Part 500) in connection with four cybersecurity events between 2019 and 2021, including two ransomware events. . NYDFS also found that Carnival had failed to implement basic protocols to prevent data breaches.

Cybersecurity 115

Cybersecurity Insurance Phishing Financial Services 115

Data Matters

FEBRUARY 11, 2019

On December 28, 2018, Michigan adopted the National Association of Insurance Commissioners’ (NAIC) Insurance Data Security Model Law in the form of Michigan H.B. The Act defines licensees as persons authorized, registered, or licensed under Michigan insurance laws or required to be so. 6491 (Act). MCL § 500.550.

Insurance 68

Insurance Security Cybersecurity FOIA 68

The Last Watchdog

MARCH 13, 2023

So how will this affect chief information security officers (CISOs) and security programs? Given the perennial skills and staffing shortage in security, it’s unlikely that CISOs will be asked to make deep budget or staffing cuts, yet they may not come out of this period unscathed. Demonstrate secure practices to customers.

Security 195

Security Insurance Cybersecurity Customer Experience 195

Schneier on Security

FEBRUARY 28, 2022

Tarah Wheeler and Josephine Wolff analyze a recent court decision that the NotPetya attacks are not considered an act of war under the wording of Merck’s insurance policy, and that the insurers must pay the $1B+ claim. Wheeler and Wolff argue that the judge “did the right thing for the wrong reasons.”

Insurance 97

Insurance Cybersecurity Security 97

Hunton Privacy

JANUARY 2, 2019

New cybersecurity rules for insurance companies licensed in South Carolina are set to take effect in part on January 1, 2019. The new law is the first in the United States to be enacted based on the data security model law drafted by the National Association of Insurance Commissioners.

Insurance 77

Insurance Cybersecurity Data breaches Encryption 77

IBM Big Data Hub

DECEMBER 4, 2023

IBM can help insurance companies insert generative AI into their business processes IBM is one of a few companies globally that can bring together the range of capabilities needed to completely transform the way insurance is marketed, sold, underwritten, serviced and paid for.

Insurance 56

Insurance Digital transformation Compliance Cloud 56

The Last Watchdog

APRIL 30, 2019

If your company is participating in the global supply chain, either as a first-party purchaser of goods and services from other organizations, or as a third-party supplier, sooner or later you’ll encounter the NIST Cybersecurity Framework. That could be for insurance purposes. “As Wrenn said. “So

Cybersecurity 143

Cybersecurity Insurance Security Privacy 143

Data Matters

JUNE 23, 2022

Kentucky and Maryland recently continued the trend of state insurance departments adopting some version of the National Association of Insurance Commissioners’ (“NAIC”) Insurance Data Security Model Law. The post Kentucky and Maryland Recently Joined Other States in Adopting NAIC Model Data Security Law.

Insurance 103

Insurance Security Cybersecurity Information Security 103

Security Affairs

JULY 9, 2021

Insurance giant CNA notifies customers of a data breach after the Phoenix CryptoLocker ransomware attack suffered in March. US insurance giant CNA is notifying customers of a data breach after the ransomware attack that it suffered in March. Bloomberg was informed about the payment by two people familiar with the attack.

Data breaches 138

Data breaches Insurance Ransomware Encryption 138

Hunton Privacy

NOVEMBER 8, 2023

On November 1, 2023, New York Governor Hochul announced that the New York State Department of Financial Services (“NYDFS”) amended its Cybersecurity Regulation applicable to covered financial institutions. The amended Cybersecurity Regulation will take effect in phases.

Cybersecurity 72

Cybersecurity IT Compliance Financial Services 72

Security Affairs

SEPTEMBER 29, 2020

Gallagher (AJG) insurance giant disclosed a ransomware attack, the security breach took place on Saturday. Gallagher (AJG) global insurance brokerage firm confirmed that it was his with a ransomware attack on Saturday, September 26. US-based Arthur J. US-based Arthur J. ” continues the form. Pierluigi Paganini.

Insurance 132

Insurance Ransomware Data breaches Cybersecurity 132

Security Affairs

JANUARY 7, 2024

Every week the best security articles from Security Affairs are free for you in your email box. Experts spotted a new macOS Backdoor named SpectralBlur linked to North Korea Merck settles with insurers regarding a $1.4 A new round of the weekly SecurityAffairs newsletter arrived!

Artificial Intelligence 84

Artificial Intelligence Data breaches Security Ransomware 84

Data Matters

FEBRUARY 10, 2021

2 announcing a Cyber Insurance Risk Framework (the Framework) that describes industry best practices for New York-regulated property/casualty insurers. According to NYDFS, the incorporation of these practices should be proportionate to each insurer’s size, resources, geographic distribution, and other factors. The Framework.

Insurance 79

Insurance Financial Services Cybersecurity Risk 79

KnowBe4

MAY 15, 2023

A new report highlights the direct connection between how strong your organization’s security stance is and how easy it is to obtain cyber insurance.

Insurance 94

Insurance Security IT Cybersecurity 94

DLA Piper Privacy Matters

MARCH 27, 2023

LOPMI introduces amendments to the insurability of losses and damages paid in response to cyber-attacks, including in relation to ransom payments – requiring that the payment of insurance compensation be conditional on the filing of a complaint, within a 72 hour time frame, to competent authorities.

Insurance 52

Insurance Risk Ransomware Cybersecurity 52

Schneier on Security

MARCH 8, 2019

This will complicate things: To complicate matters, having cyber insurance might not cover everyone's losses. Zurich American Insurance Company refused to pay out a $100 million claim from Mondelez, saying that since the U.S.

Insurance 78

Insurance Cybersecurity Military Government 78

eSecurity Planet

FEBRUARY 11, 2022

The simplest example may be insurance. Life, health, auto, and other insurance are all designed to help a person protect against losses. This article looks at cybersecurity risk management, how to establish a risk management system, and best practices for building resilience. What is Cybersecurity Risk Management?

Risk 123

Risk Cybersecurity Encryption Access 123

Security Affairs

MARCH 17, 2024

Every week the best security articles from Security Affairs are free for you in your email box. A new round of the weekly SecurityAffairs newsletter arrived! Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

Data breaches 97

Data breaches Security Computer and Electronics Ransomware 97

Data Matters

JULY 30, 2018

In October 2017, the National Association of Insurance Commissioners (NAIC) adopted an Insurance Data Security Model Law. On May 3, 2018, South Carolina became the first state to enact this Model Law, in the form of the South Carolina Insurance Data Security Act (H.B.

Insurance 60

Insurance Security Cybersecurity Data breaches 60

Schneier on Security

JUNE 7, 2023

New paper: “ Lessons Lost: Incident Response in the Age of Cyber Insurance and Breach Attorneys “: Abstract: Incident Response (IR) allows victim firms to detect, contain, and recover from security incidents. It should also help the wider community avoid similar attacks in the future.

Insurance 78

Insurance Cybersecurity Paper Communications 78