Cybersecurity Planning & Training High on the List for Cyberinsurance Under New Regulatory Principals

21 April 2015 Internet, IT & e-Discovery Blog Blog
Authors: Peter Vogel

The National Association of Insurance Commissioners (NAIC) adopted 12 principles for “direct insurers, producers, and other regulated entities to join forces in identifying risks and adopting practical solutions to protect information entrusted to them” on April 17, 2015.  The NAIC’s 12 “Principles for Effective Cybersecurity: Insurance Regulatory Guidance” included these Principles:

Principle 4: Cybersecurity regulatory guidance for insurers and insurance producers must be flexible, scalable, practical and consistent with nationally recognized efforts such as those embodied in the National Institute of Standards and Technology (NIST) framework.

Principle 7: Planning for incident response by insurers, insurance producers, other regulated entities and state insurance regulators is an essential component to an effective cybersecurity program.

Principle 9: Cybersecurity risks should be incorporated and addressed as part of an insurer’s or an insurance producer’s enterprise risk management (ERM) process. Cybersecurity transcends the information technology department and must include all facets of an organization.

Principle 10: Information technology internal audit findings that present a material risk to an insurer should be reviewed with the insurer’s board of directors or appropriate committee thereof.

Principle 12: Periodic and timely training, paired with an assessment, for employees of insurers and insurance producers, as well as other regulated entities and other third parties, regarding cybersecurity issues is essential.

Time will only tell if these Principles are adopted and they help cyberinsuranced insureds.

This blog is made available by Foley & Lardner LLP (“Foley” or “the Firm”) for informational purposes only. It is not meant to convey the Firm’s legal position on behalf of any client, nor is it intended to convey specific legal advice. Any opinions expressed in this article do not necessarily reflect the views of Foley & Lardner LLP, its partners, or its clients. Accordingly, do not act upon this information without seeking counsel from a licensed attorney. This blog is not intended to create, and receipt of it does not constitute, an attorney-client relationship. Communicating with Foley through this website by email, blog post, or otherwise, does not create an attorney-client relationship for any legal matter. Therefore, any communication or material you transmit to Foley through this blog, whether by email, blog post or any other manner, will not be treated as confidential or proprietary. The information on this blog is published “AS IS” and is not guaranteed to be complete, accurate, and or up-to-date. Foley makes no representations or warranties of any kind, express or implied, as to the operation or content of the site. Foley expressly disclaims all other guarantees, warranties, conditions and representations of any kind, either express or implied, whether arising under any statute, law, commercial use or otherwise, including implied warranties of merchantability, fitness for a particular purpose, title and non-infringement. In no event shall Foley or any of its partners, officers, employees, agents or affiliates be liable, directly or indirectly, under any theory of law (contract, tort, negligence or otherwise), to you or anyone else, for any claims, losses or damages, direct, indirect special, incidental, punitive or consequential, resulting from or occasioned by the creation, use of or reliance on this site (including information and other content) or any third party websites or the information, resources or material accessed through any such websites. In some jurisdictions, the contents of this blog may be considered Attorney Advertising. If applicable, please note that prior results do not guarantee a similar outcome. Photographs are for dramatization purposes only and may include models. Likenesses do not necessarily imply current client, partnership or employee status.

Authors

Related Services

Insights

Hatch Comments on DNC-Related Construction Projects in Milwaukee
14 June 2019
Milwaukee Business Journal
Bernard Quoted on Debt-Relief Settlement with ITT Tech Lender
14 June 2019
Wall Street Journal
Dodd and Daughter Profiled in Wisconsin Golf
13 June 2019
Wisconsin Golf
Brinckerhoff Comments on SCOTUS Ruling in Patent Case
11 June 2019
Intellectual Property Magazine
Review of 2020 Medicare Changes for Telehealth
11 December 2019
Member Call
2019 NDI Executive Exchange
14-15 November 2019
Chicago, IL
Association for Corporate Counsel Annual Meeting 2019
27-30 October 2019
Phoenix, AZ
Foley's Government Contracts Annual Update
16 October 2019
Liviona, MI