Our Threat Response Unit (TRU) publishes security advisories, blogs, reports, industry publications and webinars based on its original research and the insights driven through proactive threat hunts.
eSentire is The Authority in Managed Detection and Response Services, protecting the critical data and applications of 2000+ organizations in 80+ countries from known and unknown cyber threats. Founded in 2001, the company's mission is to hunt, investigate and stop cyber threats before they become business disrupting events.
We provide sophisticated cybersecurity solutions for Managed Security Service Providers (MSSPs), Managed Service Providers (MSPs), and Value-Added Resellers (VARs). Find out why you should partner with eSentire, the Authority in Managed Detection and Response, today.
How eSentire helps your organization map your security program against the NAIC Insurance Data Security Model
As part of the insurance industry and its supporting ecosystem, a combination of business factors and security vulnerabilities increase your cyber risk and make your organization a high-profile and lucrative target for ransomware gangs and other bad actors fuelling the cybercrime economy:
The application and claims processes require insurance carriers, agents, and brokerages to manage an unparalleled volume of valuable PII, financial accounting details, and protected healthcare information (PHI).
The shift to online or app-based customer self-service and even live-data tracking technology deployed on hybrid cloud platforms and legacy back-end infrastructure creates new potential exploitation opportunities and increases the attack surface.
Criminals view the insurance industry as weakly defended targets and understand how to attack you with proven methods that lead to massive ransomware outages, public exposure, and crippling reputational damage.
Attackers intentionally exfiltrate client data from your business and then use that stolen policyholder information Attackers intentionally exfiltrate client data from your business and then use that stolen policyholder information to identify your lucrative customers, create lures guaranteed to ensnare their targets, and even negotiate ransoms that fall within the client’s coverage.
Where Every Insurer Should Start: Using the NAIC Insurance Data Security Model Law as a Guide
The National Association of Insurance Commissioners (NAIC) drafted the Insurance Data Security Model Law in reaction to data breaches involving large insurers. Following this effort from the NAIC, several states adopted and put into effect laws to formalize insurance data security protections for all insurance licensees.
While the purpose of the NAIC Model Law is to establish standards for data security and breach notification for licensees, it also serves as a good framework to start from as your organization looks to develop an end-to-end cybersecurity and incident response plan that will ensure data security and prevent business disruption. eSentire has broken down the NAIC guide to provide tangible recommendations that can be leveraged as a Cyber Risk checklist in terms of service integration and adoption by insurers.
Core Components of the NAIC Model Law
Investigation, Incident Recovery, and Determination of Extent
If your organization experiences a cybersecurity breach, an incident response provider should determine:
Whether a cybersecurity event has occurred
The full extent of compromised assets and determine root cause
The appropriate steps to return to service
Notification of a Cybersecurity Event
Know and understand what stakeholders need to be notified in the event of a breach:
State(s) government
Insurance commissioner(s)
Affected customers and policyholders
Third parties and supply chain partners
How eSentire Can Help
We are recognized globally as the Authority in Managed Detection and Response because we hunt, investigate, and stop known and unknown cyber threats before they become business disrupting events. We were founded in 2001 to secure the environments of the world’s most targeted industry - financial services. Over the last two decades we have scaled our cybersecurity services offering to hunt and disrupt threats across every industry on a global scale. With two 24/7 Security Operations Centers, hundreds of cyber experts, and 1500+ customers, across 80+ countries, we have demonstrated the ability to Own the R in MDR with a Mean Time to Contain of 15 minutes. While many companies focus on detection, we recognize that there is no end to cyber risk. Preventative technologies will be bypassed, and defenses will fail. That’s why eSentire prioritizes Response. Our MDR is really MDR3 - Response, Remediation and Results.
We proudly protect some of the leading insurance-related companies. We would welcome the opportunity to outline how we can help defend your firm with advanced detection, 24/7 threat hunting, deep investigation, and end-to-end coverage that protects your organization and policyholders.
Our cybersecurity services include:
Ready to Get Started?
We’re here to help! Submit your information and an eSentire representative will be in touch to help you build a more resilient security operation today.
Cookies allow us to deliver the best possible experience for you on our website - by continuing to use our website or by closing this box, you are consenting to our use of cookies. Visit our Privacy Policy to learn more.
