The NAIC (National Association of Insurance Commissioners) is a standard-setting and regulatory support organization consisting of the top insurance regulators from the 50 states, District of Columbia, and five U.S. territories. The NAIC is steadily adopting a Data Security Model law that will soon be a national requirement. South Carolina has already adopted the model, effective January 1, 2019. The law is similar to the New York Department of Financial Services’ (NYDFS) 23 NYCRR 500 law that went into effect on March 1, 2017. It remains to be seen how each state will implement and manage the law; states moving in this direction include: Georgia, Illinois, Kentucky, Maryland and Virginia. However, there are conflicting cybersecurity requirements; it seems that if you’re already adhering to the NYDFS regulation, you’re close to what will be required by the NAIC Data Security Model law. Despite the increasing cybersecurity regulations, MANY insurance organizations are not aligning or following even the most basic cybersecurity standards.
Mercadien Technologies staffs a wide-range of highly-experienced cyber threat experts that assist insurance organizations with the development and maintenance of internal controls as well as policies and procedures to ensure they are complying with regulatory requirements and their data is protected and secure.