NAIC Fall Meeting Update: Cybersecurity (H) Working Group Receives Comments on Cyber Event Notification Portal

On December 10, 2025, the Cybersecurity (H) Working Group met to discuss, and receive comments regarding, its proposed Cybersecurity Event Notification Portal, which is contemplated to be a centralized national portal for reporting cybersecurity events. The Working Group first noted that its work to date had been focused on achieving convergence in the implementation and operation of the Insurance Data Security Model Law (the “IDSM”), but that it had advanced to a goal of supporting state regulators with additional tools. One such tool would be a cost-reducing, centralizing, portal for implementation of Sections 6 and 7 of the IDSM. Section 6 describes insurer’s obligations to notify regarding a cybersecurity event and the information that must be included. Section 7 sets forth the authority to investigate the conduct of licensed entities potentially in violation of cybersecurity laws. 

At the 2024 NAIC Fall National Meeting in Denver, the Working Group passed a motion instructing the NAIC to explore the creation of a cybersecurity event notification portal, with a plan to create a simple portal to test. The project plan for the portal was posted for a public comment period from October 29 through December 1, 2025 (comments received were included in the meeting materials found here). At this meeting, interested regulators added some notes to these comments, including:

1. That states that have not yet adopted the IDSM, but do have related reporting laws, should still have access to the reporting portal.
2. Efficiency of the portal and submission process should be maximized.
3. Confidentiality of the information submitted through the portal should be maximized.
4. Fee structures for the portal should be considered.
5. The portal should be rigorously tested by applicable regulators.

The Working Group then discussed adoption of the draft portal intake form, with various version options compared in relation to the level of detail in the information to be submitted therewith. Before adjourning, the Working Group received a presentation on the status of the Cybersecurity Insurance Market, noting an overall contraction in the admitted market, with a 12% increase the prior year in surplus lines (now approximately 57% of the Cyber market).