Insurance providers in New York dedicate seven percent or less of overall budgets for information security, and the majority – 95 percent – believe that they have adequate staffing levels for information security.
Those stats are part of a February 2015 report on cybersecurity in the insurance sector by the New York State Department of Financial Services (NYDFS), which surveyed 43 regulated insurance companies – 21 of which were health insurance providers, 12 that were property and casualty insurance providers, and 10 that were life insurance providers.
The survey was prompted by an increasing number of high-profile breaches that put personal information at risk for sometimes millions of individuals. The NYDFS is using the report to gain insight into how the insurance industry is preventing cybercrime and protecting sensitive data because it will take on initiatives in the coming weeks and months to shore up cybersecurity at regulated insurance companies.
“These include integrating regular, targeted assessments of cyber security preparedness at insurance companies as part of the Department's examination process; putting forward enhanced regulations requiring institutions to meet heightened standards for cyber security; and exploring stronger measures related to the representations and warranties insurance companies receive from third-party vendors, and other measures,” the report states.
As it turns out, the report shows that insurance companies are keeping security in mind.
Between 95 and 100 percent of insurers said they are using security technologies to prevent data breaches, including anti-virus software, tools to detect malicious code, firewalls, intrusion detection tools, and encryption for data in transit.
Additionally, 98 percent of insurers reported using an information security framework containing the NYDFS's key elements of a security program: a written information security policy, training, audits, risk management, and incident monitoring and reporting.
However, breaches are still happening.