Cybersecurity Assessment Reports
The NAIC Insurance Data Security Model Law aims to establish data security standards for both regulators and insurers, with the goal of mitigating the potential harm caused by data breaches. Currently, this law is applicable in 21 states and covers insurers, insurance agents, and other entities licensed by the state department of insurance.
In the near future, every insurance organization will fall under the purview of the Insurance Data Security Act. Achieving compliance begins with the establishment of a baseline that assesses inherent data security risks and evaluates the maturity level of the existing internal control framework.
To aid institutions within the insurance industry in identifying their inherent risk levels and assessing their current cybersecurity readiness, The Accountware Group (TAG) has developed the Cybersecurity Assessment Tool (CAT). This tool offers a systematic and measurable approach for insurance industry organizations to gauge their cybersecurity preparedness.
The CAT operates by constructing a measurable snapshot of an organization's current state, encompassing inherent risk levels and the maturity of internal controls. TAG can assist insurance industry institutions in utilizing the CAT through a comprehensive two-part inquiry:
1. Establishing the Existing Inherent Risk Profile: The CAT encompasses more than 40 individual inherent risk factors across various activities, services, or products. These factors are measured to determine the current level of inherent cybersecurity risk within the organization.
2. Evaluating the Current State of Maturity in Cybersecurity Internal Controls: The maturity level is assessed using over 500 individual assessment factors.
Upon completion of this diligent inquiry, management gains a clear understanding of the adequacy of the organization's cybersecurity internal control framework and can identify and address any existing gaps.
It's worth noting that the TAG CAT was developed based on the Federal Financial Institutions Examination Council's (FFIEC) Cybersecurity Assessment Tool (FFIEC CAT) and the NAIC Insurance Data Security Model Law. FFIEC, in collaboration with the National Institute of Standards and Technology (NIST), created its CAT, which aligns with current NIST Cybersecurity Standards, including NIST 800-53.
To enhance the protection of insurance industry organizations against cyber threats, it is crucial to have an up-to-date cybersecurity assessment in place and continually strive to improve the maturity level of the internal control framework. This proactive approach positions the organization for compliance with the NAIC Insurance Data Security Model Law.
The Accountware Group (TAG) offers the expertise of experienced professionals with a deep understanding of the insurance industry to assist in conducting a diligent inquiry and provide an up-to-date Cybersecurity Assessment Report (CAR) for any insurance organization.