New York Governor Andrew Cuomo’s cybersecurity regulations on the financial services industry,
“The law carries a lot of weight because of the companies based here,” says Sam Friedman, insurance research leader at Deloitte Center for Financial Services. “New York is seen as a bellwether for the country. The law creates a nice template for people to look at.”
Cuomo’s regulations,
“Each regulation gives insurers wiggle room,” said Friedman. “They are pretty easy to clear as insurers have already taken a lot of these steps. It, however, does put companies on notice that they’re being watched.”
The rules come at a critical time for the insurance industry. Hackers are becoming increasingly sophisticated with approaches on how to compromise businesses; from data breaches targeting PII data to ransomware and point of service attacks. The expansion of the Internet of Things throughout the economy also creates added entry points for invaders to leverage.
The bright spot for insurers is senior executives have developed a real hunger for staying ahead of breaches, resulting in favorable budgets for chief information security officers to work with, Friedman says. Yet insurers’ craving for a better customer experience through innovation creates an interesting conundrum for CISOs.
“There’s a lot of transformation yet insurers still rely on legacy systems that require patching up from time to time,” said Friedman. “CISOs have to find a balance when making sure everything is secure. They can’t make it so easy that hackers can get in, but can’t require three passwords to use their system.”
