NAMIC - Our Positions | Cybersecurity

Cybersecurity is an issue of growing importance for insurers as well as society in general. Insurers encounter cybersecurity issues in a variety of ways. Like all members of the interconnected business community, insurers are potential targets as they hold consumer personal information. Because of this, insurers have an obligation to take steps to protect that information as well as to play a role in the development of how society responds to the growing exposure to cyber risk by insuring.

Federal Government

The economic vitality and national security of the United States depends on a stable, safe, and resilient cyberspace. Individuals and business rely on a vast and interconnected array of networks for power, communications, financial services, transportation, and health, in addition to the provision of government services. Almost no aspect of 21st century life is not directly affected or threatened by cyber criminals and terrorists.

The 114th Congress passed legislation incentivizing the sharing of cyber-threat information between the private sector and the federal government. The main provision in the bill, called the Cybersecurity Information Sharing Act (CISA), provides protections from liability, non-waiver of privilege, and protections from Freedom of Information Act disclosure to encourage companies voluntarily to share information—specifically, information about “cyber threat indicators” and “defensive measures”—with the federal government, state and local governments, and other companies and private entities. To qualify for these protections the information shared must meet strict requirements such as the removal of personal information.

NAMIC Position | Federal Government

NAMIC supports federal activity that would help improve the nation’s ability to withstand cyber-attacks through threat information-sharing. Any information sharing requirements should not be overly burdensome and any security standards must be technologically neutral and based on outcomes.

BuildStrong Coalition Hosts Webinar on Building Codes, FEMA’s BRIC Program

October 26, 2020 The BuildStrong Coalition hosted a webinar Oct. 23 to educate stakeholders about ways that the use of modern building codes can increase their chances of receiving funds through the Federal Emergency Management Agency ’s Building Resilient... Read more

Housing Groups File Legal Challenge to New HUD Disparate Impact Rule

October 26, 2020 A coalition of fair housing advocates has filed a federal lawsuit against the Department of Housing and Urban Development over the 2020 revision to the 2013 HUD disparate impact rules... Read more

SEC Will Limit No-Action Letters on Mutual Conversions to ‘Novel or Unusual Issues’

October 26, 2020 The U.S. Securities and Exchange Commission issued a no-action letter Oct. 9 regarding the nature of the related mutual holding company membership interests. An SEC no-action letter is not permission, but rather an expression that the Division... Read more

More Related News >> >>

National Association of Insurance Commisioners (NAIC)

In 2014, the NAIC formed a Cybersecurity Task Force to undertake an ambitious agenda of work products, following the disclosure of a massive security breach at the health insurer Anthem. The Task Force developed a set of regulatory principles, proposed a “Bill of Rights” for consumers, and set out to develop a model law addressing data security issues for insurers and other regulated entities. The Task Force also enhanced financial exam standards to focus on cybersecurity issues and developed a supplement to the annual statement to collect information on insurers’ writing of cybersecurity insurance.

The NAIC Cybersecurity Task Force development of both data security standards and security breach protocol measures has involved addressing many issues including: 1) the breadth of definitions regarding personal information and cybersecurity breach event; 2) the inclusion of a harm trigger to determine when notice to regulators and consumers is required; and 3) the obligation to ensure proper measures and practices of third-party service providers.

NAMIC Position | NAIC

NAMIC has engaged in every initiative undertaken by the Cybersecurity Task Force by continually stressing the need for regulatory measures to be risk-based and scalable to match the needs and abilities of entities of varying size and complexity, and to be workable from a compliance perspective.

NAIC Moving Toward Final National Meeting of 2020

October 23, 2020 The NAIC announced a tentative schedule for the next virtual meeting, being held on Dec 3-4 and Dec 7-9 with a break over the weekend. As the calendar turns toward December, the NAIC will be meeting over the next several weeks to bring business to a... Read more

Group Capital Calculation Working Group Reverses Course on Exemption Criteria, Large Groups May Not Qualify for Limited Filing

October 22, 2020 The NAIC Group Capital Calculation (E) Working Group has released for comment final proposals for changes to the NAIC Insurance Holding Company System Regulatory... Read more

Special (EX) Committee on Race and Insurance Identifies Workstream Chairs, Plans Report by End of Year

October 22, 2020 During the Sept. 17 meeting of the Special (EX) Committee on Race and Insurance, NAIC President Ray Farmer of South Carolina announced the leadership and support staff for each of the committee’s five identified workstreams and indicated... Read more

NAMIC Submits Comments on Troubling Financial Examination and Analysis Guidance

October 22, 2020 NAMIC submitted a comment letter (Att. 6 – Exam Letter) to the Risk-Focused Surveillance (E) Working Group and the Own Risk and Solvency Assessment Implementation (E) Subgroup on their joint proposal to add new guidance for group-wide supervision... Read more

Work Continues on Anti-Rebating Modernization; Information Requested on Extending or Making Permanent COVID-Related Regulatory Actions

October 22, 2020 The NAIC Innovation and Technology (EX) Task Force continues to move forward on revising the NAIC Unfair Trade Practices Model Act with the goal of modernizing anti-rebating barriers particularly in regard to value-added services that provide for loss... Read more

More Related News >> >>

Our Positions | Cybersecurity

Federal Government

NAMIC Position | Federal Government

BuildStrong Coalition Hosts Webinar on Building Codes, FEMA’s BRIC Program

Housing Groups File Legal Challenge to New HUD Disparate Impact Rule

SEC Will Limit No-Action Letters on Mutual Conversions to ‘Novel or Unusual Issues’

National Association of Insurance Commisioners (NAIC)

NAMIC Position | NAIC

NAIC Moving Toward Final National Meeting of 2020

Group Capital Calculation Working Group Reverses Course on Exemption Criteria, Large Groups May Not Qualify for Limited Filing

Special (EX) Committee on Race and Insurance Identifies Workstream Chairs, Plans Report by End of Year

NAMIC Submits Comments on Troubling Financial Examination and Analysis Guidance

Work Continues on Anti-Rebating Modernization; Information Requested on Extending or Making Permanent COVID-Related Regulatory Actions

Issue Analysis Papers

Delaware: DOI Updates Cybersecurity Compliance Bulletin

Delaware: DOI Updates Cybersecurity Compliance Bulletin

Privacy Protections (D) Working Group to Consider Consumer Issues, Insurer Responsibilities, Regulatory Enforcement

Study on Cyber Insurance Attached to House Defense Reauthorization Bill

Louisiana NAIC 2017 Cybersecurity Model Law Enacted

Contacts

Advocacy

Education

Political Action

News & Media

About