States Step Up Cybersecurity Regulation of Insurers

States Step Up Cybersecurity Regulation of Insurers

New Hampshire will join eight other states in imposing cybersecurity requirements on insurers with a new law that takes effect Jan. 1.

The law gives licensees a year to implement requirements such as an information security program based on a risk assessment. Insurers will have two years from the effective date to enact oversight requirements for third-party service providers. Licensees will have to investigate cybersecurity events and notify the state regulator within three business days after discovering a security incident.

The requirements follow a 2017 model law by the National Association of Insurance Commissioners that seven other states, including South…

To read the full article log in. To learn more about a subscription click here.


Choose your Reaction!