Of all the issues currently facing the insurance industry, perhaps none is more important than cybersecurity. The recent data breaches at four insurance companies focused attention on the insurance sector as a whole and how prepared it is to deal with this enormous challenge. In this article, I will discuss the steps being taken by state insurance regulators to address cybersecurity. Executive SummaryU.S. insurance regulators are tackling cyber-related issues at a record pace. Here, North Dakota Insurance Commissioner Adam Hamm, who chairs the NAIC Cybersecurity Task Force, explains why, providing an update on last year’s activities and the latest action: the March 2016 release of a draft of a new cybersecurity model law for public comment.
Defining the Problem
On one hand, threats to data privacy are not new for businesses, regulators or consumers. Regulators and legislatures have required businesses to protect consumer data for decades. On the other hand, the modern size, scale and methods of data collection, transmission and storage all present new challenges.
As society becomes more reliant on electronic communication, and as businesses collect and maintain ever more granular information about their customers, the opportunity for bad actors to inflict damage on businesses and the public increases exponentially.