By Adam Hamm, Managing Director
Risk and Compliance
Cybersecurity and technology represent immense challenges and opportunities for all insurers and financial services companies. Organizations need to protect sensitive information and customer data to the greatest extent possible, and to recover as quickly as possible in the event of a breach.
Insurance companies store large amounts of personal information about their policyholders. Cybercriminals know this, and have been increasingly targeting insurers. The past two years have seen a dramatic increase in successful cyberattacks, exposing the personally-identifiable information of more than 100 million Americans. As a result, state insurance regulators have been looking for ways to protect consumers and ensure the integrity of the industry. This month, New York became the first state to adopt cybersecurity guidelines. And the National Association of Insurance Commissioners (NAIC) is working towards completing its Data Security Model Law.
Last week, we published a new white paper on the upcoming Own Risk and Solvency Assessment (ORSA) requirement for insurers in 2015. ORSA is a key part of the Solvency Modernization Initiative of NAIC. For the insurance industry specifically, the ORSA challenges organizations to think about their solvency and risk management processes as part of their overall risk strategy, instead of just once a year when filing the report.
In this white paper, we provide an overview of the ORSA requirement and guide you through the ORSA process and report. We examine the risk management frameworks of leading insurance companies for common traits and issues, such as the lack of integration among various risk frameworks inside organizations. Readers can benefit from several specific suggestions aimed at helping insurers replace the traditional risk management process with a forward-looking one that embraces a more comprehensive enterprise risk management framework, as well as considers the organization’s solvency and capital adequacy. The hope is that by assessing risk in a continuous, future-oriented manner, companies can avoid repeating some of the mistakes and excesses that led to the turmoil of the financial crisis.