Guiding Insurance Professionals on NAIC’s New Cybersecurity Principles

May 28, 2015 by Dan Bonnet

In the wake of some of the largest insurance company data breaches, the National Association of Insurance Commissioners has followed on the heels of the Securities and Exchange Commission and has issued “guidance” on cybersecurity. In April, the Cybersecurity (EX) Task Force of the NAIC adopted the Principles for Effective Cybersecurity Insurance Regulatory Guidance.

Executive Summary

One of the Principles for Effective Cybersecurity Insurance Regulatory Guidance adopted by the NAIC in April states that regulatory guidance should be consistent with nationally recognized efforts like those of the National Institute of Standards and Technology framework. Here, Dan Bonnet from Dell SecureWorks explains the five functions of the NIST framework.

Although there has been a lot of attention on two different health insurance companies that were recently breached, just a couple of years ago there was plenty of coverage on a large mutual insurance company known mostly for its P/C line. The guidance is aimed at all insurers. (Editor’s Note: In October 2012, hackers infiltrated internal networks of Nationwide Mutual Insurance, compromising personal information of roughly 1.1 million existing and potential customers.)