Are You Prepared to Comply with New Cybersecurity Regulations?

by Mallory O'Sullivan | Jun 27, 2018

Important Information on the NAIC Insurance Data Security Model Law

Cybersecurity threats are very real and very serious. The consequences of data security breaches can be costly and devastating for both consumers and insurers. Many industries are adopting new standards to protect personal and identifying information, including new insurance data regulations.

The National Association of Insurance Commissioners (NAIC) adopted the “Insurance Data Security Model Law” in November 2017. The law requires insurance organizations to employ comprehensive cybersecurity programs, and while the new regulations are only part of a model law, they are quickly being adopted by individual states.

The goal of the Insurance Data Security Model Law is to provide guidelines for insurers to protect their customer information. This keeps customer data safe and helps insurance companies stay out of hot water with security breaches. The law includes training requirements, response plans, testing and more.

What does the Model Law require?

  1. Every insurance company will develop, implement and maintain a written Information Security Program based on the company’s unique risks, to include safeguards for the protection of nonpublic information and the company’s information system. The Information Security Program must be updated to reflect new technology, threats, business situations, etc.
  2. Designate an individual or outside vendor to act on behalf of the insurer with regard to its security program. Third-party service providers must also comply with data security regulations in order to continue doing business with insurers.
  3. Assess the likelihood and potential damage of threats, as well as the sufficiency of policies and procedures to manage these threats (including employee training).
  4. Provide company personnel with cybersecurity awareness training that is updated as necessary to reflect cyber risks identified by the company.

The NAIC model law comes on the heels of the New York Department of Financial Services Cybersecurity Regulations. The model law has been adopted by New York, South Carolina and Rhode Island, with more states expected to adopt the law soon.

With stricter cybersecurity regulations, it is critical for insurers to increase their cybersecurity training efforts and provide each employee with the information they need for success. WebCE® can help organizations meet their cybersecurity training requirements with our upcoming Cybersecurity course. We can also create a custom course with your content. For a preview of our Cybersecurity course, contact corporate sales at [email protected].


Additional Resources:

Understanding the NAIC Insurance Data Security Model Law

NAIC – Cybersecurity