US: The NAIC publishes 12 principles for insurance regulatory guidance on cyber security
Published 17 April 2015
The National Association of Insurance Commissioners has released “Principles for Effective Cybersecurity: Insurance Regulatory Guidance”, a 12-step guide for insurance regulators concerning the protection of the information of insurance consumers and the information infrastructure of the insurance industry.
The 12 principles were derived from the Securities Industry and Financial Markets Association’s “Principles for Effective Cybersecurity Regulatory Guidance”. They offer guidance on security safeguards, incident response planning, employee training and vendor management, and cover other issues crucial to the protection of consumer information.
A copy of the full 12 NAIC principles is available here.
What action could be taken to manage risks that may arise from this development?
Financial services companies should take the principles into account when developing and implementing their cyber security policies and procedures.