Most insurers say they take data security very seriously.
Regulators at the New York State Department of Financial Services are wondering whether insurers are as well-prepared to defend their data and systems as they say they are.
The department released a summary of results from an insurer data security survey less than a week after Anthem Inc. (NYSE:ANTM) announced a breach that may have affected as many as 80 million people, and just a few days after officials reported that con artists have filed a wave of requests for tax refunds using stolen identities.
New York regulators found that 95 percent of the 43 insurers that participated in the New York survey said they believe their companies have enough information security staff, and that all but one said they have an information security framework in place.
Regulators said “having an information security framework in place” should mean that an insurer has a written information security policy, security training for employees, information security audits, cyber-risk risk management, and incident monitoring and reporting.
But the regulators also found signs that some insurers may be wrong about how secure their information systems are.
For a look at some of the findings that made New York regulators uneasy, read on.