Wisconsin Law Doubles Down On Risk Management
A new Wisconsin law could have ramifications on the way insurance companies and their vendors handle private data. Insurance companies must follow specific regulations to protect sensitive information, such as social security numbers and health-related information, when the new law is passed on the first of November.
Once the new law comes into effect, insurers must conduct a risk assessment, develop an information security program, create an incident response plan, and work with third-party providers to protect customer information.
Furthermore, if a cyberattack occurs, insurance companies must notify relevant parties within a specific timeframe. Insurance companies must inform consumers and insurance providers within 45 days of learning about the breach. They must also inform the Officer of The Commissioner of Insurance (OCI) of the cyber breach within three days. Moreover, if the attack affects 1000 or more consumers, they must inform consumer reporting agencies of the incident.
The new law, which has been in the works since 2019, highlights how national and local governments are placing greater emphasis on data security and are setting strict expectations over how insurance companies should be handling sensitive data.
If insurance businesses want to meet legal demands, they must work with third parties to create a secure environment that keeps data safe.
Why are governments cracking down on data security procedures?
Local and national governments are becoming more stringent about the way insurance companies handle sensitive data. The crackdown comes in the wake of several research reports showing that the healthcare industry is one of the most targeted industries for cyberattacks. Despite this, most parties involved do not have strict security measures to protect their data.
In addition, by encouraging insurance firms to take a closer look at their security, they must also scrutinise their vendors.
Insurance companies work with dozens of vendors that access sensitive data. If insurance firms are to conduct accurate risk assessments or develop suitable incident response plans, they must ensure that vendors meet high-security standards. To improve monitoring, they will need to invest in technology that would allow them to examine vendor security processes, especially when working with hundreds of vendors.
Enforce vendor security with RiskXchange
RiskXchange is the only 360-degree vendor risk management platform that allows businesses to protect their digital assets from cyber-attacks and third-party breaches by improving oversight into vendor infrastructure. The solution can help you oversee your attack surface, monitor vendor activity, and detect anomalies that indicate a cyberattack, all of which help you secure data, meet compliance requirements, and maximise vendor security infrastructure.
A new Wisconsin law could have ramifications on the way insurance companies and their vendors handle private data. Insurance companies must follow specific regulations to protect sensitive information, such as social security numbers and health-related information, when the new law is passed on the first of November.
Once the new law comes into effect, insurers must conduct a risk assessment, develop an information security program, create an incident response plan, and work with third-party providers to protect customer information.
Furthermore, if a cyberattack occurs, insurance companies must notify relevant parties within a specific timeframe. Insurance companies must inform consumers and insurance providers within 45 days of learning about the breach. They must also inform the Officer of The Commissioner of Insurance (OCI) of the cyber breach within three days. Moreover, if the attack affects 1000 or more consumers, they must inform consumer reporting agencies of the incident.
The new law, which has been in the works since 2019, highlights how national and local governments are placing greater emphasis on data security and are setting strict expectations over how insurance companies should be handling sensitive data.
If insurance businesses want to meet legal demands, they must work with third parties to create a secure environment that keeps data safe.
Why are governments cracking down on data security procedures?
Local and national governments are becoming more stringent about the way insurance companies handle sensitive data. The crackdown comes in the wake of several research reports showing that the healthcare industry is one of the most targeted industries for cyberattacks. Despite this, most parties involved do not have strict security measures to protect their data.
In addition, by encouraging insurance firms to take a closer look at their security, they must also scrutinise their vendors.
Insurance companies work with dozens of vendors that access sensitive data. If insurance firms are to conduct accurate risk assessments or develop suitable incident response plans, they must ensure that vendors meet high-security standards. To improve monitoring, they will need to invest in technology that would allow them to examine vendor security processes, especially when working with hundreds of vendors.
Enforce vendor security with RiskXchange
RiskXchange is the only 360-degree vendor risk management platform that allows businesses to protect their digital assets from cyber-attacks and third-party breaches by improving oversight into vendor infrastructure. The solution can help you oversee your attack surface, monitor vendor activity, and detect anomalies that indicate a cyberattack, all of which help you secure data, meet compliance requirements, and maximise vendor security infrastructure.