Over the past few years, the work of the Cybersecurity (H) Working Group of the National Association of Insurance Commissioners (“NAIC”) has focused on cybersecurity risk to insurance licensees such as insurance carriers, insurance intermediaries,[1] and third-party service providers to insurance licensees. This year the working group’s work will consist of two parallel tracks: the traditional cybersecurity risk, and a new emphasis on cyber insurance coverage. In her discussion of proposed topics for the 2024 work plan, the Chair highlighted cyber coverage questions specific to ransomware, D&O, and whether or not cyber insurance products are providing the coverage that policyholders expect.
The working group accepted the twice revised Cybersecurity Event Response Plan (“CERP”), a voluntary guide that state insurance regulators may utilize following a cybersecurity event, such as a breach notification by an insurance licensee. The CERP was subsequently accepted by the working group’s parent committee, the Innovation, Cybersecurity & Technology (H) Committee.
As mentioned above, the working group is working on a 2024 work plan addressing both the cyber risk and cyber coverage parallel tracks. Notable proposed issues include:
- new cyber blank working its way through Financial (E) Committee subgroups,
- referral to the Information Technology Examination (E) Working Group regarding examination standards/protocols,
- impact of hardware and software legacy systems,
- one-to-many reporting,[2]
- XBRL[3]? Should we or shouldn’t we? and
- data modernization & standardization.
In line with many other NAIC working groups and task forces, the Cybersecurity (E) Working Group will continue and expand its work pertaining to third-party vendors, broadly defined.
As part of its continuing education charge, the working group heard presentations from the American Academy of Actuaries regarding the Cyber Risk Toolkit developed by the Committee on Cyber Risk of the Casualty Practice Council. The working group also heard a presentation from CyberAcuView regarding its work and specifically the results of a data call focused on 2019-2023 third-quarter data.
Locke Lord will continue to monitor cybersecurity developments at the NAIC. If you have any questions, please reach out to the author or your Locke Lord partner.
[1] For example, insurance producers, managing general agents, reinsurance intermediaries, and third-party administrators.
[2] One-to-many references the issues inherent in reporting to multiple regulatory stakeholders pertaining to widespread incidents that cross jurisdictional borders. For example, in an earlier iteration of the CERP, the working group considered use of the lead state concept as a way to reduce the reporting burden on licensees in the midst of investigating a cybersecurity event.
[3] XBRL stands for eXtensible Business Reporting Language. It is a global framework for the digital exchange of financial, performance, risk, and compliance information.