Guiding Principles

Guiding Principles to Advance Information Security in New York

The Independent Insurance Agents and Brokers of New York (IIABNY), New York Insurance Association (NYIA) and Professional Insurance Agents of New York (PIANY) released Guiding Principles to Advance Information Security in New York with the facilitation of the Center for Internet Security (CIS).

The principles are designed to provide a general road map for agents and companies and are the outcome of a roundtable discussion of representatives from the agent and carrier communities. The goal of the principles is to create a strong working relationship within the insurance industry to ensure agencies, companies and policyholders are better protected.


Advisory Group Weighs in on Proposed DFS Cybersecurity Regulation

October is National Cyber Security Awareness Month, which coincides with the kickoff of the weekly rollout of the 12 guiding principles. Check back often as we will expand on one new guiding principle each week. Our take on each principle will be unique and presented in a variety of different ways. We hope you enjoy this insightful and straightforward approach to increase your information security know-how.

⇒ 10/03/16: Guiding Principle #1  

“Commit to the EDUCATION of agents, company personnel, third party vendors and policyholders.”

In his Insurance Journal op-ed, Jeffrey Rice, president and CEO of Wayne Cooperative Insurance Company, discusses the importance of thorough and ongoing education about information security for anyone accessing information.

⇒ 10/10/16: Guiding Principle #2

“Understand that security is a MOVING TARGET, which necessitates the practice of continually revisiting standards and best practices.”

⇒ 10/17/16: Guiding Principle #3

“Recognize the need to protect information as a whole—breaches are NOT CYBER SPECIFIC.”

When we think of threats to agency information, we often think of computer hackers. But information exposure goes well beyond cyberspace. There is information swirling around us. It’s on the paper we use, the laptops that could be left in a car, the mobile device left on a restaurant table. Think of all the information we share with those standing nearby when we have a phone conversation. It is important to recognize all threats to agency information and have a plan in place to protect it.

⇒ 10/24/16: Guiding Principle #4

“Look to reputable security resources for guidance in ESTABLISHING STANDARDS.”

This article, produced in collaboration with the Center for Internet Security, highlights:

  • State and federal laws and regulations with which companies and agencies may have to comply
  • Frameworks they may use to shape information security programs
  • Tools to help identify and prioritize the tasks involved
  • Publications to guide them in properly configuring security hardware and software


⇒ 10/31/16: Guiding Principle #5

“Develop a written INFORMATION SECURITY PROGRAM with the requirement that those accessing data, including third party vendors, conform to your standards.”

⇒ 11/8/16: Guiding Principle #6

“DETERMINE VULNERABILITIES through regular security risk assessments and penetration tests.”

Tips to help assess your security systems at different intervals.


⇒ 11/16/16: Guiding Principle #7

“Create an INCIDENT RESPONSE PLAN and regularly test the plan.”

Click on the image below to explore Merchants Insurance Group’s suggested incident response plan.

⇒ 11/21/16: Guiding Principle #8


It’s a scary world out there when it comes to cyber security and the information about others you keep! Watch the video below to learn how to protect your business.

⇒ 11/28/16: Guiding Principle #9

“Utilize STRONG PASSWORDS and other security features to access information.”

Click on the image below to learn more about how to utilize strong passwords.

⇒ 12/5/16: Guiding Principle #10

appropriate patches are in place.”

Click on the image below to learn more cyber security tips.


⇒ 12/15/16: Guiding Principle #11

“Obtain cyber security INSURANCE COVERAGE.”

Click on the image below to read five things every agent should know about cyber insurance.

⇒ 12/19/16: Guiding Principle #12

“Guard against REPUTATIONAL RISK–information security is a shared responsibility.”

Click on the image below to learn more about securing your cyber reputation.
