House Panel, NAIC Looking At Cybersecurity

WASHINGTON – The House Intelligence Committee passed a bill aimed at encouraging the sharing of critical cyber threat information to protect consumers and the nation’s financial infrastructure.

The bill is similar to the Cybersecurity Information Sharing Act (CISA), which was passed recently by the Senate Intelligence Committee.

In general, the bills would allow for the sharing of Internet traffic information between the U.S. government and technology and manufacturing companies. The bills are part of a broad ramping up of cybersecurity initiatives by insurance-interested parties, including the Federal Insurance Office (FIO), the National Association of Insurance Commissioners (NAIC) and the New York Department of Financial Services (DFS). The NAIC proposals are consistent with those proposed by the Securities Industry and Financial Markets Association (SIFMA) in October.

Among the FIO initiatives is coordinating the development of cyber-related insurance products by insurers. The FIO wants to ensure the creation of insurance products that are uniform in design, benefits and underwriting practices relative to cyber risk. For example, at least one leading insurer recently endorsed an assessment of a policyholder’s compliance with the National Institute of Standards and Technology's framework when underwriting current or prospective policyholders.

The NAIC also is looking at cybersecurity issues at its quarterly meeting, which begins today in Phoenix.

According to a Sutherland Asbill & Brennan Legal Alert, the NAIC is seeking comment on two documents it has created. The comment period closed Monday, and the issues will be discussed at the NAIC’s quarterly meeting.

The first document is entitled, “Principles for Effective Cybersecurity Insurance Regulatory Guidance.” It lists 18 principles for effective regulatory guidance regarding the protection of the insurance sector’s data security and infrastructure. The second is a proposed supplement to the annual statement to provide disclosure about cybersecurity insurance coverage written by U.S.-licensed insurers.

The principles were developed by the NAIC’s Cybersecurity (EX) Task Force. The task force is charged with making recommendations on cybersecurity issues, coordinating with other NAIC committees, and communicating with other groups outside the NAIC on cybersecurity issues, according to Sutherland.

InsuranceNewsNet Washington Bureau Chief Arthur D. Postal has covered regulatory and legislative issues for more than 30 years. He can be reached at [email protected].