- Privacy Risk Report - https://privacyriskreport.com -

Insurance Commissioners Consider Cybersecurity Regulatory “Principles” for Cyber Insurers

The National Association of Insurance Commissioners (NAIC [1]), an organization that supports and coordinates the efforts of state insurance regulators, will focus on cybersecurity issues at its meeting in Phoenix, Arizona, from March 28, 2015 through March 31, 2015. The NAIC Industry Liaison Committee is scheduled to meet and hear a panel discussion on cyber insurance on March 30, 2015.

The NAIC will review and comment on documents that may ultimately be adopted by state insurance regulators. One draft document, Principles for Effective Cybersecurity Insurance Regulatory Guidance [2], was developed by the Cybersecurity (EX) Task Force of the NAIC to “help state insurance departments identify uniform standards, promote accountability and provide access to essential information.” This document was developed to outline the process for insurance regulators to work with the insurance industry “to identify risks and offer practical solutions” related to cybersecurity. The draft proposed on March 12, 2015 is based on 18 “Principles” for insurance commissioners to “provide effective cybersecurity guidance” to insurance companies and includes the following:

The NAIC’s Principles, intended to bring uniformity and accountability for cybersecurity to the insurance industry, are important because insurers have sensitive data and provide services based on their integrity. While a breach at Target or Home Depot has proven to be a tremendous problem, a data breach or hack at an insurer offering cyber insurance may undermine the entire cyber insurance system.

Tressler will continue to provide updates on the NAIC’s review of and comments on these Principles.