State of Connecticut - Insurance Department

March 3, 2022



Due to the increase in geopolitical risk originating from events in Eastern Europe and the threat of cyber-attacks, the Connecticut Insurance Department is asking insurers to stay on high alert and be vigilant in their efforts to protect their operations, consumer data, and investments.

As potential threats to operations increase, domestic insurers, and insurers with international dealings -especially life insurers - should review their exposure to risks, review their cyber security plans, coverages, and practices, know their insureds, review their investments and regulatory requirements, and consider rebalancing their investments as appropriate.

Domestic insurers are reminded of the restrictions around company investments set forth in Conn. Gen. Stat §§ 38a-102 to 38a-102i, which establish standards and limits on insurance company investments. In addition, insurers should be cognizant of the recent slate of U.S., U.K., European Union, and NATO allies’ financial sanctions levied against Russia and its ally Belarus and the resulting impact on markets. The United Nations General Assembly on Wednesday overwhelmingly voted to reprimand Russia for invading Ukraine which will likely result in further economic measures. The value of the ruble has hit record lows as sanctions have crippled the Russian economy and forced the country's stock market to close.

Domestic insurers are also reminded of the standards and practices set forth by the Connecticut Insurance Data Security Law, Conn. Gen. Stat. § 38a-38, specifically concerning notification to the Commissioner of a cybersecurity event.

Insurers should be aware that the U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) released a new CISA Insight, Preparing for and Mitigating Foreign Influence Operations Targeting Critical Infrastructure, which provides critical infrastructure owners and operators with guidance on how to identify and mitigate the risks of influence operations that use mis-, dis-, and mal-information (MDM) narratives.

On February 26, CISA and the Federal Bureau of Investigation (FBI) issued a joint Cybersecurity Advisory providing an overview of destructive malware that has been used to target organizations in Ukraine as well as guidance on how organizations can detect and protect their networks.

CISA is suggesting that organizations:

  • Ensure privileged accounts are locked down (e.g., Multi-Factor Authentication) and implement additional monitoring of these accounts.
  • Assess that your information technology and operational technology systems are functioning as designed.
  • Consider conducting an incident response tabletop to be prepared.
  • Report any suspicious activity/incidents during this period of heightened geopolitical tension (i.e., nothing is too small).

The U.S. Department of Homeland Security’s CISA Agency have a website, Shields Up, to deal with cyber events and that can be used to report a suspicious activity/incident. As the nation’s cyber defense agency, CISA is available to help organizations improve cybersecurity and resilience, including through cybersecurity experts assigned across the country. In the event of a cyber incident, CISA can assist victim organizations and use information from incident reports to protect other possible victims.

All organizations should report incidents and anomalous activity to CISA and/or the FBI via your local FBI field office or the FBI’s 24/7 CyWatch at (855) 292-3937 or

Cyber incidents should also be reported to the Connecticut Intelligence Center (CTIC) at and the Connecticut Insurance Department.