The cybersecurity task force of the National Association of Insurance Commissioners (NAIC) has adopted the Principles for Effective Cybersecurity Insurance Regulatory Guidance, as of 16 April 2015.
The document identifies the types of safeguards that regulators expect insurers to have in place to protect consumers from cybersecurity breaches.
The 12 principles adopted by the NAIC direct insurers, producers, and other regulated entities to join forces in identifying risks and adopting practical solutions to protect information entrusted to them.
The principles are intended to establish insurance regulatory guidance that promotes coordination and protects insurance consumers.
According to the NAIC, cybersecurity risks have become more significant as critical consumer financial and health information is increasingly stored in electronic form.
Recent high-profile data breaches have led regulators to work towards strengthening insurer defences against attacks.
“These principles will serve as the foundation for protection of sensitive consumer information held by insurers as well as insurance producers and guide regulators who oversee the insurance industry,” said Monica Lindeen, NAIC president and Montana commissioner of securities and insurance.