Cyberstone has performed hundreds of cybersecurity projects for insurance companies. Being located in New York State, we have become intimately familiar with 23 NYCRR 500. This is a groundbreaking new cybersecurity regulation applicable to insurance agents, brokers, and underwriters. This cutting-edge regulation is soon going to find its way into other states and when it does, we’ll be prepared.
In a recent study commissioned by the New York State Department of Financial Services (NYS DFS), only 14% of CEOs receive monthly briefings on information security. Another NYS DFS finding is that only 44% of insurers report conducting annual penetration testing, a critical component necessary to identifying weaknesses and exposures. Lastly, 42% of insurers report that they experienced cybersecurity breaches in the last three years. Simply put, insurance companies in general have massive gaps to fill before they can say their security posture is effective.
Cyberstone can help insurance companies close both compliance and security gaps. It starts with creating a risk baseline. From there, we make recommendations based on a company’s unique risks and potential gaps with respect to security best practices. Finally, we can help with the ongoing need to test the effectiveness of technical controls through annual penetration testing.