Cybersecurity is an issue of growing importance for insurers as well as society in general. Insurers encounter cybersecurity issues in a variety of ways. Like all members of the interconnected business community, insurers are potential targets as they hold consumer personal information. Because of this, insurers have an obligation to take steps to protect that information as well as to play a role in the development of how society responds to the growing exposure to cyber risk by insuring.
The economic vitality and national security of the United States depends on a stable, safe, and resilient cyberspace. Individuals and business rely on a vast and interconnected array of networks for power, communications, financial services, transportation, and health, in addition to the provision of government services. Almost no aspect of 21st century life is not directly affected or threatened by cyber criminals and terrorists.
The 114th Congress passed legislation incentivizing the sharing of cyber-threat information between the private sector and the federal government. The main provision in the bill, called the Cybersecurity Information Sharing Act (CISA), provides protections from liability, non-waiver of privilege, and protections from Freedom of Information Act disclosure to encourage companies voluntarily to share information—specifically, information about “cyber threat indicators” and “defensive measures”—with the federal government, state and local governments, and other companies and private entities. To qualify for these protections the information shared must meet strict requirements such as the removal of personal information.
NAMIC supports federal activity that would help improve the nation’s ability to withstand cyber-attacks through threat information-sharing. Any information sharing requirements should not be overly burdensome and any security standards must be technologically neutral and based on outcomes.
September 14, 2020 NAMIC is leading a cross-industry effort calling on Congress to extend the authorization of the National Flood Insurance Program before its Sept. 30 expiration... Read more
September 14, 2020 A ruling is expected Sept. 15 from a British high court to resolve legal issues concerning the interpretation of common business interruption policy wordings regarding the pandemic. The ruling comes after an eight-day trial in July and will be legally... Read more
September 14, 2020 NAMIC has requested that the federal District Court for the District of Columbia continues a stay of the association’s litigation against the Department of Housing and Urban Development for an additional 90 days to provide time to analyze the 171-page... Read more
In 2014, the NAIC formed a Cybersecurity Task Force to undertake an ambitious agenda of work products, following the disclosure of a massive security breach at the health insurer Anthem. The Task Force developed a set of regulatory principles, proposed a “Bill of Rights” for consumers, and set out to develop a model law addressing data security issues for insurers and other regulated entities. The Task Force also enhanced financial exam standards to focus on cybersecurity issues and developed a supplement to the annual statement to collect information on insurers’ writing of cybersecurity insurance.
The NAIC Cybersecurity Task Force development of both data security standards and security breach protocol measures has involved addressing many issues including: 1) the breadth of definitions regarding personal information and cybersecurity breach event; 2) the inclusion of a harm trigger to determine when notice to regulators and consumers is required; and 3) the obligation to ensure proper measures and practices of third-party service providers.
NAMIC has engaged in every initiative undertaken by the Cybersecurity Task Force by continually stressing the need for regulatory measures to be risk-based and scalable to match the needs and abilities of entities of varying size and complexity, and to be workable from a compliance perspective.
September 17, 2020 The NAIC’s newly formed Special (EX) Committee on Race and Insurance will host its first meeting on Sept. 17... Read more
September 17, 2020 When the Statutory Accounting Principles (E) Working Group met on July 30 during the NAIC virtual summer national meeting, it exposed for comment a request for feedback regarding the development of authoritative guidance for... Read more
September 17, 2020 The NAIC Casualty Actuarial and Statistical (C) Task Force on Sept. 15 adopted unanimously by conference call its predictive modeling white paper on the property/casualty industry’s use of predictive analytics and modeling in... Read more
September 17, 2020 Significant steps toward the development of the NAIC Group Capital Calculation have taken place over the summer, including the near finalization of the GCC template and instructions and major progress on required amendments to... Read more
September 17, 2020 The NAIC Innovation and Technology Task Force continues to move forward on the revision of the NAIC Model Unfair Trade Practices Act. The goal is to modernize anti-rebating prohibitions especially to value-added services that provide for... Read more
Understanding the Evolving Cybersecurity Standards Landscape for Insurers
The amazing benefits of a technologically advanced and interconnected society have not been attained without the price of sobering exposure to substantial and even potentially catastrophic harm. The headlines regularly convey the latest security breaches, typically involving increasing volumes of a variety of information being accessed or stolen, affecting a larger number of individuals as potential victims. Unsurprisingly, the insurance industry, given its role in supporting risk management by businesses and individuals, has not been immune in...
August 17, 2020 The NAIC Privacy Protections (D) Working Group met virtually on July 30 as part of the 2020 Summer National Meeting. Its agenda focused in on returning to the topic rather than focusing on substantive concepts and provisions. Most of the meeting was... Read more
July 20, 2020 Rep. Al Green, D-Texas, is proposing an amendment to the National Defense Authorization Act that would require the Government Accountability Office to conduct a study analyzing availability of insurance coverage in the U.S. for... Read more
June 19, 2020 Enacted HB 614 substantially adopts the provisions of NAIC’s Insurance Data Security model law. Read more
April 28, 2020 The Virginia Bureau of Insurance has solicited comments from NAMIC and its member companies on implementing regulations associated with HB 1334, the Virginia Insurance Data Security Act, passed during the... Read more
March 30, 2020 NAMIC dialed in for business and infrastructure partner calls March 25-26 with the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency. Read more