What You Need to Know About the NAIC Cybersecurity Model Law

By WebCE
Mar 28, 2019
What You Need to Know About the NAIC Cybersecurity Model Law In recent years, there have been multiple instances of cyberattacks and data breaches among large corporations such as Equifax. Due to these occurrences and in concert with other measures taking place in the financial services industry, the National Association of Insurance Commissioners (NAIC) created a cybersecurity model law for insurance companies, with the purpose of establishing standards for data security and investigations. The “Insurance Data Security Law” contains regulations on risk assessment, risk management, cybersecurity, and an incident response plan.

As with all NAIC model laws, the Insurance Data Security Law serves as a guideline for states and must be adopted by a state to be enacted into law. The U.S. Treasury Department has endorsed the model and has recommended its prompt approval and implementation by all states within the next few years .

South Carolina became the first state to adopt the NAIC model in 2017. Ohio and Michigan recently followed suit and legislation incorporating the NAIC model has been introduced in Rhode Island.

New York was actually the first state to mandate that financial institutions provide consumer and data protections against cyber attacks; this extensive regulation served as the basis for the NAIC’s model. California also recently passed a law that gives consumers control over their personal data that can be requested at any time.

As various states begin to adopt the NAIC cybersecurity model law, it’s important for individuals and companies in the financial services industry to stay compliant and up-to-date. WebCE has several courses covering the data security and cybersecurity topic:
  • Cybersecurity: Protecting Your Clients and Your Practice
  • Cybersecurity Awareness
  • Cybersecurity Best Practices
Each course will give financial service professionals an understanding of cyber risks and the potential harm that can result from cyber breaches and how to best protect client data. Courses can be taken for insurance CE credit where available, or can be taken for training from WebCE’s Workplace Training and Firm Element Training catalogs.

With stricter cybersecurity regulations, it is critical for insurers to increase their cybersecurity training efforts and provide each employee with the information they need for success. WebCE® can help organizations meet their cybersecurity training requirements with any of our cybersecurity courses. We can also create a custom course with your content. For a preview of our cybersecurity courses, contact corporate sales at [email protected] or call 877-488-9322.

View Courses  Corporate Solutions