Are you prepared to meet your state deadlines?
At least 18 states have adopted their version of an insurance data security act, based on the NAIC’s Insurance Data Security Model Law. And more are coming.
Compliance deadlines vary. In some states, rules around data security and incident notification are already in effect.
The new regulations require your insurance business to:
- Conduct annual risk assessments
- Maintain an information security program
- Notify the insurance commissioner of cybersecurity events — within three days in most states
- Notify consumers affected by a cybersecurity event
Let Wipfli help you get into compliance
Our cybersecurity professionals have direct experience in the insurance industry and in providing the solutions needed to comply with the new laws. To better meet your business’s exact needs, we offer three different solutions:
- Helping you understand how to comply: We help you develop the foundation of your information security program. By performing an NAIC gap assessment, we can work with you to create a roadmap for compliance. We also provide security officer coaching on how to comply with your state’s law, as well as templates for security program policies, risk assessments, response procedures, third-party risk classification and more.
- Giving you the tools to self-manage your program: Our second solution includes the above, plus a network threat assessment, external penetration test, employee security awareness training and a full risk assessment so you can further ensure compliance and mitigate risks. This solution sets you up to manage your program internally.
- Outsourcing the implementation and management of your program: Our third solution is the most comprehensive, additionally providing you with an online compliance portal, vendor management, managed detection and response, virtual chief information security officer services, mobile device management, annual risk assessment updates, incident response tabletop exercises and more. In this solution, Wipfli implements and then manages components of your program on an ongoing basis, freeing your staff up to focus on other priorities.
Which solution is best for your business? Contact us to set up a meeting to discuss your state regulations and compliance plans.
Featured Thought Leader
Tom Wojcinski, CISA, CRISC
As a director in Wipfli’s risk advisory services practice, Tom Wojcinski specializes in helping organizations reduce and manage the risks that modern technology and information systems introduce. In today’s business environment, customers, trading partners, regulators, and employees expect continuously available and secure information systems. To help meet this expectation, Tom works with clients to increase the confidentiality, availability, and integrity of their information assets.
Jeff Olejnik is a highly experienced IT security services professional with more than 20 years in the industry. He helps clients manage risk through effective information security, business continuity planning and program management.
Greg Foster, CPA
Greg Foster is a partner with over 30 years of practice in public accounting. His experience includes providing insurance, banking, credit union and securities clients with various services including financial statement audits, public and private securities registrations and mergers and acquisitions. As leader of the insurance services group, Greg oversees a variety of services to insurance companies including traditional insurers and reinsurers as well as captives, risk retention groups, reinsurance pools and similar arrangements.