NAIC Cybersecurity Model Law

The National Association of Insurance Commissioners (NAIC) has drafted a proposed Insurance Data Security Model Law for states to use in setting risk management and notification requirements when regulating insurance organizations. While the specifics of the model law have drawn considerable comment, the proposed requirements actually represent only one aspect of the broader and increasingly urgent issue of cybersecurity risk.