Council Foundation Logo Leaders Edge

President signs NFIP extension into law, summer 2018 cyber market watch survey results, and more

August 6, 2018

President Signs NFIP Extension into Law

On July 31, President Trump signed into law a bill that reauthorizes the National Flood Insurance Program through November 30, 2018. The bill was signed after the Senate passed S.1182, the National Flood Insurance Program Extension Act of 2018, by a vote of 86-12.

More.

Summer 2018 Cyber Market Watch Survey Results

The Council released its biannual Cyber Market Watch Survey last week. Results were consistent with responses from the first and second halves of 2017: cyber insurance take-up rate remained low at 32 percent, and 89 percent of respondents saw premium pricing stay flat or decrease over the past six months. Respondents also agreed that market capacity was plentiful, and some even noted an increase in capacity due to an influx of insurers moving into the cyber market space.

Brokers saw a lack of clarity in cyber policies as a persistent problem, according to results from survey. Approximately 83 percent of survey respondents said that there was either “insufficient” or only “somewhat” sufficient clarity from carriers as to what is covered or excluded in a cyber policy.

Click here for the full report.

REMINDER: NYSDFS Cybersecurity Regulation Compliance Deadlines Approaching

Under the New York State Department of Financial Services’ (NYSDFS) cybersecurity regulation, covered entities are required by September 3, 2018, to be in compliance with: (1) audit trail requirements, (2) application security requirements, (3) limitations on data retention, (4) certain monitoring requirements, and (5) encryption requirements.

First, non-exempt covered entities must maintain, to the extent applicable and based on their risk assessments, audit trails designed to reconstruct material financial transactions sufficient to support normal operations and obligations of the covered entity, and audit trails designed to detect and respond to cybersecurity events that have a reasonable likelihood of materially harming any material part of the normal operations of the entity (§ 500.06).

Second, non-exempt covered entities must have written procedures, guidelines, and standards designed to ensure the use of secure development practices for their own applications, and procedures for evaluating, assessing, or testing the security of externally developed applications (§ 500.08).

Third, all covered entities must implement policies and procedures for the secure disposal on a periodic basis of any nonpublic information that is no longer necessary for business operations, except where such information must be retained by law or regulation, or where such disposal is not reasonably feasible due to the manner in which it is maintained (§ 500.13).

Fourth, non-exempt covered entities must implement risk-based policies, procedures, and controls designed to monitor “authorized users,” detect unauthorized access, and the use of or tampering with nonpublic information (§ 500.14(a)).

Fifth, non-exempt covered entities must encrypt all nonpublic information, both in transit and at rest.  If this is infeasible, the entity may instead secure its nonpublic information using effective alternative compensating controls approved by the Chief Information Security Officer (CISO) and annually reviewed (§ 500.15).

Furthermore, by March 1, 2019, covered entities must be in compliance with Third Party Service Provider policy requirements (§ 500.11).

For a complete description of the regulation’s requirements and exemptions, click here.

 

The Value of Empathetic Management

Empathy and compassion in the workplace can bring creativity and collaboration to problem solving and help drive future results.

Here’s how.

Trust, It’s Verified

In a world where transactions occur instantaneously, the business of insurance—sales, underwriting, distribution, claims and so on—remains unduly sluggish. That’s about to change for industry players and their customers, thanks to the convergence of three technologies: blockchain, artificial intelligence and predictive data analytics.

Read more.

Joel Wood, SVP, Government Affairs
The Battle to End the Cadillac Tax
Employee Benefit Adviser

Joel Kopperud, VP, Government Affairs
The Next Generation of Doctors Is Pushing for Universal Healthcare
Tonic

Blaire Bartlett, Director, Government Affairs
California Insurance Commissioner Asks DOJ to Block CVS-Aetna Merger
Forbes

Cheryl Matochik, SVP, Strategic Resources & Initiatives
Meet the Rebate, the New Villain of High Drug Prices
The New York Times

Katie Oberkircher, Content Specialist, Market Intelligence & Insights
How Would Individual Market Premiums Change in 2019 in a Stable Policy Environment?
Brookings

Rob Boyce, Director, Market Intelligence & Insights
Why GenX and Baby Boomers are the Most Cybersecure Employees
TechRepublic

Our Cyber One-Pager

Download