Skip to Content

NY.gov Portal State Agency Listing

Translate | Disclaimer

Opening Statement of Gregory V. Serio, Superintendent of Insurance, before the Temporary Joint Legislative Committee on Disaster Response and Preparedness and the NYS Senate Standing Committee on Veterans, Homeland Security and Military Affairs

September 29, 2003

Testimony

Chairman Balboni, Chairman Destito, thank you for allowing me to appear before this joint/committee hearing examining the threat of cyber terrorism.

Admittedly, insurance may not be the first thing a person thinks about when contemplating the potential incidence of and fallout from cyber terrorism. However, when one thinks of cyber terrorism as a convenient pathway to broaden terrorism objectives – geopolitical unrest and financial or economic destabilization as well as a risk and disturbing menace in and of itself, insurance quickly comes into focus.

I would like to focus, for a few moments, on the three areas where cyber terrorism and insurance, as a major component of the state’s and nation’s financial services infrastructure, interface:

In conjunction with the Governor’s Office, the State Office of Public Security, the State Office of Cyber Security and Critical Infrastructure Coordination and a host of federal financial services regulatory and critical infrastructure protection agencies, the New York Insurance Department has been a leader among insurance regulators nationwide in assessing the preparedness of and assisting insurers in planning and executing cyber security strategies. Insurers, as a major component of any economy’s critical infrastructure, as significant users of technology in their financial and marketplace activities, as potential targets for acts of financial terrorism, are an appropriate focus of our regulatory attention as respects the security both of individual institution’s systems as well as their larger monetary system with which it performs numerous important transactions everyday. Add to this already significant dimension, the notion that insurers are a critical element of any effort to respond to a disaster of any kind – the insurance dollars often times bring the first dollar into an affected community and is the single most important element of starting any recovery process – and there is a clearly compelling need for governmental and industry to work together to build and maintain most secure technological system possible.

Propelling cyber pursuit of this mutually desirable objective is an unprecedented degree of information sharing between government and insurers as to:

There are also unprecedented levels of inter-agency cooperation on all levels of government which have any role in financial services regulations or critical infrastructure protection. A few examples:

Through these initiatives, the New York Insurance Department and its partners in government and industry have created an unparalleled level of communication and an unequivocal commitment to pursuing every avenue of inter-agency cooperation and public/private partnership to achieve the highest degree of security possible.

Areas that need more work, and quickly need more work, are the ability of businesses to protect themselves from cyber attacks and the incentive for businesses to plan, prepare, and practice for and against potential cyber-security events. Traditional insurance policies, many using language, terms, endorsements pre-dating the cyber age, generally do not reflect the hazards of or harms from technology compromises, by they man-made or fortuitous. The natural incentives that come from paying premiums for coverage, and the desire to minimize risk by prevention are largely not in play with most standard policy forms with the exception of tailor-made, manuscript policies – when coverages, endorsements, limitations and exclusions are custom crafted, most policies do not provide for business interruption, civil authority, loss of income and profit and related commercial coverages for losses arising from cyber-events. For a great many – and growing – number of businesses, these types of occurrences, without insurance, could be as devastating as any hurricane or fire.

If we are to truly secure our economy, the government and insurance industry ability to respond to disaster must be partnered with business’ ability to buy coverage, prevent or mitigate loss and otherwise care for itself first and foremost. As the Governor has encouraged with this bill to allow for the selling of civil authority coverage as a distinct and stand-alone risk, so too must we modernize our state insurance laws to provide better, more meaningful coverage for those who work in or rely upon cyber-space for these services of their business. By all accounts, that’s probably just about all of us.

Thank you again for this opportunity to speak on a most important topic, and I would be happy to answer any questions.