Regulatory Laws Putting Cybersecurity Pressure on Insurers

Joshua Hoffman
April 23, 2015

New regulatory guidelines focused on cybersecurity are emerging in the insurance industry, and organizations need to be prepared to improve their technologies and operations in light of these laws. A recent Business Insurance report explained that the National Association of Insurance Commissioners believes that, moving forward, regulatory laws aimed at improving cybersecurity will need to be flexible enough to handle the diversity that exists in the industry.

Process standardization and control can help insurers comply with regulatory standards.

Business process management software, while not specifically designed as a security solution, empowers organizations to standardize their processes and build internal rules into operations. This functionality makes it much easier to comply with regulatory guidelines by allowing insurers to embed regulatory reminders into the processes users follow to manage infrastructure, data and day-to-day operations. These process improvements play a key role in regulatory initiatives.

Looking at regulatory changes in the insurance sector

New regulatory laws are not, by any means, set in stone. At this stage, however, the National Association of Insurance Commissioners is focused on guiding regulatory development so that there will be a baseline that any organization with a connection to the Internet or any other public network will need to reach. The National Association of Insurance Commissioners has established 12 principles to help with regulatory development in the insurance sector, but on the whole, the laws need to be adaptable and generally follow common cybersecurity guidelines like those set forth by the National Institute of Standards and Technology.

"Process improvements play a key role in regulatory initiatives."

Additionally, regulatory laws need to be put into place to ensure underwriters are following risk management best practices and insurers are protecting data adequately. The wide range of sizes, data management needs and client bases across the insurance sector means that extremely strict and far-reaching laws are needed for organizations with large, highly digitized operations, while simple guidelines will be needed to help small insurers follow best practices without having to strain too much to keep up with regulations.

Using BPM software to support regulatory compliance

It is easy to discuss regulatory laws pertaining to cybersecurity and start worrying about investing in technologies and services to help you comply with new standards. Regardless of how important technology is, improving processes is one of the most prominent issues facing insurers and other businesses trying to deal with new regulatory demands. Protecting information as it moves between users, making sure only authorized personnel have access to sensitive information, establishing governance within process modules and improving visibility and documentation are all process-related initiatives that support regulatory compliance efforts. BPM tools can deliver on this functionality and help insurers respond to new regulations.