NAIC Adopts New Cybersecurity Exam Tool
On September 21, the National Association of Insurance Commissioners IT Examination Working Group adopted amendments to the IT section of the Financial Condition Examiners Handbook to strengthen the Handbook’s already existing cybersecurity guidance. Charged with improving this guidance, the Working Group compared the Handbook’s guidance to the National Institute of Standards and Technology Cybersecurity Framework. Additionally, the Working Group incorporated into the adopted amendments many of the suggestions received from state departments of insurance and interested parties, including (a) emphasizing that an examiner should consider the size and complexity of an insurer, the laws and regulations to which the insurer is subject, and the volume and type of sensitive information obtained by the insurer; (b) detailing the roles of an insurer’s board of directors and senior management; and (c) clarifying that IT examiners can leverage the work of outside auditors.
View the full Legal Alert.