The agenda of the NAIC cybersecurity task force included a cybersecurity legislative update and two presentations on data analysis projects currently underway, but the majority of conversation centered around the recently released update to the Insurance Data Security Model Law.
The cyber legislative update noted the creation of a 12-person task force charged with reporting back to the President of the United States (POTUS) on cyber and their intent to focus on cyber insurance (it was noted that this project is underway and observations are expected late this year).
Data projects summarized a tremendous amount of information, but also acknowledged scope limitations due to the inability to disaggregate cyber insurance components of packaged policies. Premium amounts and loss ratios varied significantly among carriers, while policy types trended toward claims made policies — noting 82 percent of cyber liability policies were claims made, as opposed to 18 percent occurrence. The working group noted the impact of this on accessibility for currently difficult to identify and potentially long tailed events.
Conversation by interested parties around version two of the Insurance Data Security Model Law was highly spirited. Commissioner Hamm (ND) noted before queueing interested parties that the comment period remains open until 9/16/16. Interested parties commented with a litany of observations, including that the current draft model law:
Considering the volume of modifications from version one to version two in conjunction with the volume of interested party comments, it appears the current working version is perceived as a good start but there seems to be some work to do before this becomes final.
For more information on this topic, or to learn how Baker Tilly specialists can help, contact our team.