Help

BI’s Article search uses Boolean search capabilities. If you are not familiar with these principles, here are some quick tips.

To search specifically for more than one word, put the search term in quotation marks. For example, “workers compensation”. This will limit your search to that combination of words.

To search for a combination of terms, use quotations and the & symbol. For example, “hurricane” & “loss”.

Login Register Subscribe

Insurance regulators set goals for cyber security rules

Reprints
Insurance regulators set goals for cyber security rules

Cyber security regulatory guidance for insurers and insurance producers must be flexible, according to principles issued by the National Association of Insurance Commissioners.

The 12 principles, announced Friday “will serve as the foundation for protection of sensitive consumer information held by insurers as well as insurance producers and guide regulators who oversee the insurance industry,” said NAIC President Monica J. Lindeen, in a statement. Ms. Lindeen also serves as Montana commissioner of securities and insurance.

Among other things, cyber security regulatory guidance should also be “scalable, practical and consistent with nationally recognized efforts such as those embodied in the National Institute of Standards and Technology,” according to the principles, which were adopted by the insurance regulatory group's Cybersecurity Task Force,

The principles also hold that cyber security risks should be incorporated and addressed as part of underwriters' or producers' enterprise risk management process. “Cyber security transcends the information technology department and must include all facets of an organization,” according to the NAIC.

In addition, the principles say that regulatory guidance must be risk-based “and must consider the resources of the insurer or insurance producer.” The NAIC adds, however, that a minimum set of cyber security standards must be in place for “all insurers and insurance producers that are physically connected to the Internet and/or other public data networks, regardless of size and scope of operations.”

Read Next

  • Cyber security input sought by NAIC

    The National Association of Insurance Commissions has released a draft of “Principles for Effective Cybersecurity Insurance Regulatory Guidance” for public comment.