June 22, 2020 — Jon Mendoza, CISO at Technologent, was recently quoted in an article for Insurance Journal. Mendoza helps explain why insurance agencies get no break, even when it comes to cyber liability.
Read through the full article here: https://www.insurancejournal.com/news/national/2020/09/10/582026.htm
Insurance Agencies Get No Break When It Comes to Cyber Liability
As this trying year drags on, insurance agents might be tempted to take a quick breather. From a cyber liability perspective, however, the pressure on agents is ramping up over the rest of the year. Here’s why.
In past columns, we have discussed the regulations that deal with cyber security practices that affect agents, including the California Consumer Privacy Act (CCPA), the New York Cybersecurity Requirements for Financial Services Companies and versions of the National Association of Insurance Commissioner’s Insurance Data Security Model Law (passed in eight states with six pending). States that passed the NAIC law did so last year and the CCPA went into effect in January.
As a practical matter, a grace period before enforcement begins in earnest is common practice, according to Jon Mendoza, chief technology officer for Technologent. By this time, agencies that do business in these states but haven’t yet taken action to protect their data will now face a greater risk of penalties.
Coalition’s Motta says carriers are pushing agencies to pay greater attention to cybersecurity because hackers could potentially access many types of data via an agency’s backdoor.
Today, all agencies, no matter what states they write in, must confront a growing and stealthy threat through their vendors.
“Most agencies use multiple digital tools and platforms to perform important functions such as accounting, quoting and communications,” says Joshua Motta, co-founder and CEO of Coalition, which offers cyber coverages and cyber security tools to agencies. “To perform these functions, these third-party service providers need access to agency data. Even if the agency itself maintains strong data security protection, that protection is only as strong as those practiced by the service provider,” he said.
Motta added that hackers are targeting these data-rich providers more and any breach of agency data is collateral damage.
September 10, 2020