Insurance Assurance, a look at how cybersecurity can impact the insurance industry, and what tools are available to protect against it, was held Wednesday at the Georgia Cyber Innovation and Training Center.
Sponsored by Augusta Technical College and Travelers Insurance Company, the program focused on cybersecurity insurance and threats.
Dr. Jermaine Whirl, President of Augusta Tech told ABD the program is the result of a relationship he developed while at Gwinnett Technical College.
“Dr. Jose de la Cruz reached out to me, he’s Senior VP of HR for Travelers Insurance, and he said, ‘We need to have a conversation about cyber and specifically in the insurance business, and cybersecurity attacks. There really hasn’t been a global discussion about the intricacies behind that, the trends we’re seeing, and then also the workforce we need to protect,’ Whirl explained.
Edrich Louw, the senior cyber underwriter with Travelers, said this is one of a series of seminars the company holds nationwide.
“We have these events across all the different regions across the country to help spread cyber security, and what kind of insurance products we offer to help with that,” he said. “Today is more of an educational industry thing. It’s not really focused on what Travelers can do. It’s more of what the cyber insurance industry can offer, with regards to products and some services.”
Cybersecurity has the attention of the National Association of Insurance Commissioners (NAIC). In March 2024, the organization’s Cybersecurity Working Group provided a response plan for Departments of Insurance (DOI) should a breach occur.
The Cybersecurity Event Response Plan (CERP), available on the NAIC website (https://content.naic.org/sites/default/files/committee_related_documents/CERP%2520V5%2520-%2520Final%2520Adopbed%2520Version.pdf), outlined steps DOIs should take once a breach is identified, particularly in the system of an insurance licensee.
“DOIs must establish clear roles, responsibilities, and levels of decision-making authority to ensure a cohesive team response to cybersecurity events at regulated entities” reads the plan. “Furthermore, many DOIs have divisions, such as consumer services sections, to inform and protect insurance consumers. In the case of a disruptive cybersecurity event, providing the consumer services section with accurate, up-to-date information and scripts will enable better consumer assistance and will help avoid duplicative or inconsistent information being provided to the public, consumers or otherwise.”
The plan provides two checklists, one labeled Insurance Data Security Pre-Breach Checklist and a second for Post-Breach Checklist.
“It’s very important. You set standards, and you have people on the same page, and they can share information on how to respond to threats,” said Carl Grant, Commercial Crime Product Manager at Travelers. “Now you know what to do. There’s a set of standards. There are instructions you can follow pre-breach and post-breach, so you can see what you need to do and where you are at that point.”
In addition to identifying the date of the breach, the list recommends describing how information was lost, stolen, or breached. Also, how the breach was discovered and, if known, the source of the breach.
“We have over 70 students attending. These are Cyber students, and then, more importantly, cyber individuals from Travelers, are here and several of their executives from Atlanta and from the region are here in attendance,” said Whirl.
More information regarding cybersecurity and other topics is on the NAIC website https://content.naic.org/
