The National Association of Insurance Commissioners (NAIC) is ratcheting up its efforts to tackle cybersecurity issues. Following up on its adoption of Guiding Principles for Cybersecurity this spring and developing new reporting requirements for insurers to better track cyber insurance policies issued in the marketplace, the NAIC is moving forward with three additional initiatives designed to help protect consumer information and educate the public about cyber risks.
The three NAIC initiatives are:
- The NAIC's Cybersecurity Task Force released a Consumer Cybersecurity Bill of Rights draft this week for public comment. The bill of rights is intended to set standards for helping consumers if their personal information is compromised. The Task Force expects to adopt these standards within the next 30 days;
- The Cybersecurity Task Force is also coordinating with state insurance regulators to conduct examinations of insurance companies to verify companies are taking appropriate steps to protect sensitive data, including confidential personal information;
- The NAIC is co-sponsoring a forum with the Center for Strategic and International Studies (CSIS) on Sept. 10 in Washington, D.C., entitled "Cyber Risk Management and Insurance." Cyber experts, policymakers and business leaders will discuss cyber risks faced by American businesses and consumers, and how best to manage those risks.
"Ramping up our efforts in this critical area will help state insurance departments better address both the threat and responses to cyber breaches," said Monica J. Lindeen, NAIC President and Montana Insurance Commissioner. "Understanding what regulators, consumers and companies can do to craft best practices will help minimize the impact on insurance consumers and the insurance industry in the long-term."
"Since before the first major breach of an insurer, the NAIC has been at the forefront of cyber issues," said Adam Hamm, North Dakota Insurance Commissioner and Cybersecurity Task Force Chair. "We will continue our work at the NAIC to protect consumers and support efforts to improve cybersecurity in the insurance sector."