Insurance data security law compliance

Are you prepared to meet your state deadlines?

At least 18 states have adopted their version of an insurance data security act, based on the NAIC’s Insurance Data Security Model Law. And more are coming.

Compliance deadlines vary. In some states, rules around data security and incident notification are already in effect.

The new regulations require your insurance business to:

  • Conduct annual risk assessments
  • Maintain an information security program
  • Notify the insurance commissioner of cybersecurity events — within three days in most states
  • Notify consumers affected by a cybersecurity event

Let Wipfli help you get into compliance

Our cybersecurity professionals have direct experience in the insurance industry and in providing the solutions needed to comply with the new laws. To better meet your business’s exact needs, we offer three different solutions:

  • Helping you understand how to comply: We help you develop the foundation of your information security program. By performing an NAIC gap assessment, we can work with you to create a roadmap for compliance. We also provide security officer coaching on how to comply with your state’s law, as well as templates for security program policies, risk assessments, response procedures, third-party risk classification and more.
  • Giving you the tools to self-manage your program: Our second solution includes the above, plus a network threat assessment, external penetration test, employee security awareness training and a full risk assessment so you can further ensure compliance and mitigate risks. This solution sets you up to manage your program internally.
  • Outsourcing the implementation and management of your program: Our third solution is the most comprehensive, additionally providing you with an online compliance portal, vendor management, managed detection and response, virtual chief information security officer services, mobile device management, annual risk assessment updates, incident response tabletop exercises and more. In this solution, Wipfli implements and then manages components of your program on an ongoing basis, freeing your staff up to focus on other priorities.

Which solution is best for your business? Contact us to set up a meeting to discuss your state regulations and compliance plans.
