Printed from BusinessInsurance.com

Cyber security input sought by NAIC

Posted On: Mar. 13, 2015 12:00 AM CST

The National Association of Insurance Commissions has released a draft of “Principles for Effective Cybersecurity Insurance Regulatory Guidance” for public comment.

“This document will help state insurance departments identify uniform standards, promote accountability, and provide access to essential information,” the Kansas City, Missouri-based NAIC said Thursday in a statement. “It also outlines the process for working with the insurance industry to identify risks and offer practical solutions.”

Insurance regulators have a “significant role and responsibility” regarding protecting consumers from cyber security risks, regarding insurers' efforts to protect sensitive customer health and financial information, and protecting sensitive information housed in insurance departments and at the NAIC, say three of the 18 principles listed in the draft.

Other principles listed include that effective cyber security guidance must be “risk-based and threat-informed” and that sensitive data should be encrypted.

The NAIC also issued a second draft document, an annual statement supplement for cyber security policies.

Comments on both drafts should be submitted to psimpson@naic.org by March 23.