The NAIC Insurance Data Security Model Law seeks to establish data security standards for regulators and insurers in order to mitigate the potential damage of a data breach. The law now applies in 21 states to insurers, insurance agents and other entities licensed by the state department of insurance.

​

Each insurance organization will be subject to the Insurance Data Security Act in the near future. One of the first steps in becoming compliant is to establish a benchmark concerning the inherent data security risks and the maturity level of the existing internal control framework.

​

The Accountware Group (TAG) has developed the Cybersecurity Assessment Tool (CAT) to help insurance industry institutions identify their inherent risk levels and determine their current cybersecurity preparedness. The CAT provides a repeatable and measurable process for any insurance industry organization to measure their cybersecurity preparedness.

​

The CAT works by building a measurable current state picture of an organization's levels of inherent risk and current maturity level of the internal controls. TAG can assist insurance industry institutions to use the CAT by conducting a two-part diligent inquiry:

• Establish the existing Inherent Risk Profile: The CAT provides over 40 individual inherent risk factors in activities, services, or products to be measured to determine an organization’s current level of inherent cybersecurity risk,

• Establish the existing current state of maturity within the Cybersecurity Internal Controls: The maturity level is assessed using over 500 individual assessment factors.

 

Once the diligent inquiry is completed, management can clearly understand the adequacy of its cybersecurity internal control framework and the gaps that need to be addressed.  

 

The TAG CAT was developed based on the Federal Financial Institutions Examination Council's (FFIEC) Cybersecurity Assessment Tool (FFIEC CAT) and the NAIC Insurance Data Security Model Law. FFIEC developed its CAT with the help of the National Institute of Standards and Technology (NIST). The FFIEC CAT conforms with all of the current NIST Cybersecurity Standards including NIST 800-53.

 

Improve the protection of your insurance industry organization from cyberthreats. Have a current insurance industry cybersecurity assessment in place and be working on continuously improving its internal control framework’s level of maturity. This will position the organization to be compliant with the NAIC Insurance Data Security Model Law.

 

Experienced professionals with insurance industry experience are available from The Accountware Group (TAG) to assist in preforming a diligent inquiry to provide an up-to-date Cybersecurity Assessment Report (CAR) for any insurance organization.