Director McRaith Outlines FIO’s Cybersecurity Objectives

On March 17, Federal Insurance Office (FIO) Director Michael McRaith outlined FIO’s main cybersecurity objectives for the insurance industry at Networks Financial Institute’s 11th Annual Insurance Public Policy Summit in Washington, D.C.  Speaking to an audience that included insurance industry professionals and lobbyists, McRaith detailed the objectives as follows:

Support the Insurance Industry’s Self-Protection from Cyber Incidents.  To encourage strong cyber protections in the insurance sector, FIO promotes the adoption of voluntary cybersecurity standards, such as the NIST Cybersecurity Framework, and the implementation of consistent regulation.  McRaith asserted, “FIO will work with insurance regulators so that examination standards and practices for insurers are consistent with industry best practices, such as the NIST Framework, and supervisory practices employed by regulators of other financial institutions.”

Support Continued Development of Cyber-Related Insurance Products.  FIO wants cyber-related insurance products to further develop in design, benefits, and underwriting practices relative to cyber risk.  Incorporating policyholder NIST compliance into underwriting practices should result in increased cyber-risk awareness and improved cybersecurity practices by policyholders.

Establish International Standards.  Through the International Association of Insurance Supervisors (IAIS), FIO plans to work with regulators and supervisors to establish international cybersecurity standards in the insurance sector “so that globally we have standards for the industry and its supervision built on best practices that are appropriately rigorous” and to promote cross-border consistency.
