While Ukraine may be a continent away, what is happening there now can have a large impact internationally regarding financial concerns. The conservative nature of insurance means insurers must have a certain amount of surplus funds; how an insurer's funds are invested becomes crucial when financial sanctions are leveled against a particular country. The Connecticut Insurance Department issued a notice on March 3 advising all insurers, domestic and those with international dealings, particularly life insurers, to take the following steps:
- Review their exposure to risks, cyber security plans, coverages, practices, investments, and regulatory requirements
- Know their insureds
- Consider rebalancing investments as appropriate.
The Commissioner reminded carriers of the state data security law and requirements for notification of any cybersecurity event, as there are concerns about cyberattacks against financial and other institutions. Insurers are advised to be aware of government information regarding foreign targets to critical infrastructure. The Cybersecurity and Infrastructure Security Agency (CISA), in conjunction with the FBI, issued a joint advisory providing information on malware that has been used to target organizations in Ukraine and guidance on detecting and protecting their networks against such attacks. CISA suggests that organizations:
- Lock privileged accounts with multi-factor authentication and implement additional monitoring
- Assess and confirm that information and operational technology systems are operating as designed
- Consider a tabletop exercise to be prepared in event of a cyber incident Report any suspicious activity
The CISA website Shields Up provides information and a reporting mechanism for cyber events.
Cyber events and suspicious activity should be reported to:
CISA and/or the FBI via your local FBI field office or the FBI's 24/7 CyWatch at (855) 292-3937 or [email protected]. Connecticut Intelligence Center (CTIC) at [email protected] and the Connecticut Insurance Department.
Link here for the notice from the department.