The cyber insurance market landscape continues to change, as insurers grapple with the growing threats hackers pose to policyholders. But less discussed are insurers’ internal cyber security practices. Insurers possess extensive personal information about policyholders, making insurers attractive targets for hackers.
In October 2017, responding to these concerns, the National Association of Insurance Commissioners (the NAIC), adopted the “Insurance Data Security Model Law,” also known as Model Law 668. Model Law 668 was based on New York’s first-of-its-kind cybersecurity regulation. New York’s regulation, enacted in March 2017, established minimum cybersecurity standards for insurance companies, banks, and other financial services institutions.