From: Association of Corporate Counsel
Mary Jane Wilson-Bilik and John S. Pruitt | Sutherland Asbill & Brennan LLP
The NAIC has begun its efforts to amp up state insurance department oversight of cybersecurity practices with the release of two documents for public comment. The first, entitled Principles for Effective Cybersecurity Insurance Regulatory Guidance (the “Principles”), is a document listing 18 principles for effective regulatory guidance regarding the protection of the insurance sector’s data security and infrastructure. The second is a proposed supplement to the annual statement to provide disclosure about cybersecurity insurance coverage written by U.S. licensed insurers. Comments on both drafts are due March 23.
The Principles were developed by the NAIC’s Cybersecurity (EX) Task Force, which is charged with making recommendations on cybersecurity issues, coordinating with other NAIC committees, and communicating with other groups outside the NAIC on cybersecurity issues, including information sharing. The NAIC has stated the Principles will help state insurance departments identify uniform standards, promote accountability, and provide access to essential information. It also described the Principles document as outlining a process for working with the insurance industry to identify risks and offer practical solutions.
Leave a Reply