National Association of Insurance Commissioners, Cybersecurity (EX) Task Force, Principles for Effective Cybersecurity: Insurance Regulatory Guidance (Apr. 17, 2015) (full-text).
These principles are intended to serve as the foundation for the protection of sensitive consumer information held by insurers as well as insurance producers, and to guide regulators who oversee the insurance industry.
The document identifies types of safeguards regulators expect insurers to have in place to protect consumers from cybersecurity breaches. These twelve principles direct insurers, producers, and other regulated entities to join forces in identifying risks and adopting practical solutions to protect information entrusted to them. The guiding principles are intended to establish insurance regulatory guidance that promotes coordination and protects insurance consumers.