NAIC Cybersecurity Model Law: What’s in Store for Insurance Entities

The National Association of Insurance Commissioners has approved its Insurance Data Security Model Law, which individual states are expected to begin implementing in 2018. While compliance with the model law’s requirements will be a top priority for most U.S. insurance entities, the proposed risk management and notification requirements actually represent only one aspect of the broader and increasingly urgent issue of cybersecurity risk.