Strong cybersecurity measures and practices for companies doing business today is a legal requirement, as every regulated company in the United States—like those in the insurance sector—is subject to some sort of cyber regulation. To do business in many states, insurance and other financial services companies must meet certain requirements.
Cyber regulations vary by state. New York’s Department of Financial Services led the way, with comprehensive requirements that set the benchmark for several other states. As such, New York’s requirements provide a great starting framework for financial services entities looking to operate across the United States.
The specific regulations vary depending on the size and maturity of the company, and as the company grows, the requirements become more stringent. From the beginning of our company, we made a conscious decision to go above and beyond with our compliance, which has yielded several key benefits as we have grown over the last two years. By aiming high and going beyond what is absolutely required by state cyber regulations from the outset, we’ve found that setting up our systems and processes to be compliant has been a lot easier than having to retrofit once we hit key milestones.
In so doing, we have managed to keep costs down while maintaining a high level of efficiency that benefits brokers and insureds. But another benefit to going above and beyond our mandated cyber regulation compliance is that it establishes strong protocols for those on our team and ensures that they exhibit the right behavior when it comes to cybersecurity.
Many companies, especially startups, see cyber compliance as a series of hurdles that they must clear as their company grows and progresses. But by aiming high from the early days, we’ve cleared many of the hurdles from our path, allowing us to focus on the mission at hand: providing the best, fastest, and most efficient insurance experience to brokers and insureds.
