Cyber security continues to be an emerging regulatory issue in the insurance industry, as evidenced by recent actions taken by the New York Department of Financial Services (the “DFS”) and the National Association of Insurance Commissioners (the “NAIC”). On March 26, 2015, DFS issued 160 insurance companies a New York Insurance Law Section 308 Letter, seeking a detailed report addressing cyber security practices and procedures. This action was initiated on the heels of DFS’ February 9, 2015 Report on Cyber Security in the Insurance Sector (click here for the Report), summarizing the results of a survey completed by 43 insurers about their cyber security programs, costs and future plans, its announcement of proposed regulations to implement enhanced security measures and the NAIC’s publication of its draft Principles for Effective Cyber security Insurance Regulatory Guidance (click here for the Principals) In the letter, the DFS emphasizes that cyber security should no longer be viewed solely as a subset of information technology, but rather as an integral aspect of an insurer’s overall risk management strategy. The DFS letter also invokes the DFS’s authority under Section 308 of the New York Insurance Law to require that insurers receiving this letter submit a response providing the requested information by April 27, 2015. Click here for a copy of the letter.
Additionally, on March 18, DFS asked insurers operating in New York to provide information concerning so-called “price optimization” techniques. Maryland, Ohio and California have prohibited the use of price optimization in their states in recent months. In the letter, price optimization is defined as the practice of varying rates based on factors other than those directly related to risk of loss — for example, setting rates or factors based on an insured’s likelihood to renew a policy or on an individual’s or class of individuals’ perceived willingness to pay a higher premium relative to other individuals or classes. The letter states DFS’ concern that insurers are charging higher premiums based on “whether a consumer is less likely to notice, shop around, or object.” DFS alleges that such practices are inconsistent with traditional cost-based rating approaches.
The DFS advised it is seeking information from insurers in order to help regulators determine whether insurers use price optimization in New York along all property/casualty insurance lines – and whether corrective actions are needed. Insurers are directed to respond by April 15.
Questions regarding regulatory initiatives underlying cyber security practices and procedures or price optimization can be directed to Cynthia Borrelli.