State insurance commissioners unveil more cyber security standards

The National Association of Insurance Commissioners is ratcheting up its efforts to tackle cyber security issues with three additional initiatives, including one to help regulators verify insurers are protecting personal information.

The NAIC’s cyber security task force is coordinating with state insurance regulators to conduct examinations of insurers to verify companies are taking appropriate steps to protect sensitive data, including confidential personal information, the Kansas City, Missouri-based NAIC said Tuesday in a statement.

Additionally, the task force released for public comment a “Consumer Cybersecurity Bill of Rights” draft that is intended to set standards for helping consumers if their personal information is compromised. The task force expects to adopt these standards within the next 30 days.

Its third initiative is to co-sponsor a Cyber Risk Management and Insurance forum with the Washington-based Center for Strategic and International Studies on Sept. 10 in Washington, where cyber experts, policymakers and business leaders will discuss cyber risks faced by American businesses and consumers, and how best to manage those risks.

“Ramping up our efforts in this critical area will help state insurance departments better address both the threat and responses to cyber breaches,” Monica J. Lindeen, NAIC president and Montana insurance commissioner, in the statement.

“Understanding what regulators, consumers and companies can do to craft best practices will help minimize the impact on insurance consumers and the insurance industry in the long term," Ms. Lindeen said.

In April, the NAIC issued to generally positive reviews cyber security regulator guidance that spells out a dozen principles for regulators to follow when dealing with insurer-related cyber security issues.