N.Y. DFS Eyes Insurers’ Cybersecurity, Price Optimization
New York state regulators recently sent a letter to insurers operating in the state, seeking detailed information on their cybersecurity measures.
Benjamin Lawsky, superintendent of the New York Department of Financial Services (DFS), asked insurers in a March 26 letter to provide responses to some 16 wide-ranging cybersecurity questions.
These questions include: the curriculum vitae and job description of the current chief information security officer; descriptions of how the insurer maintains information security procedures to address the goals of confidentiality, integrity, and availability; any significant changes to the insurer’s information technology (IT) portfolio over the last two years; and protections used to safeguard data that is accessible to third-party service providers.
The insurers have until April 27 to submit responses.
The DFS said it would schedule enhanced IT/cybersecurity examinations after conducting a comprehensive risk assessment of each institution. These examinations would incorporate new questions and topics into the existing IT examination framework, according to the DFS.
In the letter, Lawsky said the DFS encourages all institutions to view cybersecurity as “an integral aspect of their overall risk management strategy,” rather than solely as a subset of IT.
Ensuring the cybersecurity of financial institutions and insurers has become a top priority for the DFS.
In a speech in February, Lawsky said the DFS believes that cybersecurity is likely the most important issue the regulators will face in 2015 – and perhaps for many years to come after that.
Additionally, the DFS on March 18 asked insurers operating in the state to provide information concerning so-called “price optimization” techniques.
New York joins a growing number of states around the country that are examining the practice of price optimization. Maryland, Ohio and California have prohibited the use of price optimization in their states in recent months.
The March 18 letter from the DFS states that price optimization refers to the practice of varying rates based on factors other than those directly related to risk of loss — for example, setting rates or factors based on an insured’s likelihood to renew a policy or on an individual’s or class of individuals’ perceived willingness to pay a higher premium relative to other individuals or classes.
In other words, the letter said, the DFS is concerned that insurers are charging higher premiums based on “whether a consumer is less likely to notice, shop around, or object.” Such practices are inconsistent with traditional cost-based rating approaches, the letter said.
The letter asks insurers whether they currently use any formalized price optimization models, or less formal price optimization considerations, as part of their pricing, rate filing, or tier placement decisions for any line of insurance in New York.
The DFS said it is seeking information from insurers in order to help regulators determine whether insurers use price optimization in New York along all property/casualty insurance lines – and whether corrective actions are needed. Insurers are directed to respond by April 15.