Skip to main content
Innovation Cybersecurity and Technology (H) Committee

2024 Membership

The mission of the Innovation, Cybersecurity, and Technology (H) Committee is to: 1)  provide a forum for state insurance regulators to learn about and have discussions regarding: cybersecurity, innovation, data security and privacy protections, and emerging technology issues; 2) monitor developments in these areas that affect the state insurance regulatory framework; 3) maintain an understanding of evolving practices and use of innovation technologies by insurers and producers in respective lines of business; 4) coordinate NAIC efforts regarding innovation, cybersecurity and privacy, and technology across other committees; and 5) make recommendations and develop regulatory, statutory or guidance updates, as appropriate.

InsurTech, Innovation & Technology Contacts

Collaboration Forum Resource Center

2024 Adopted Charges

  1. The Innovation, Cybersecurity, and Technology (H) Committee will:

    1. Provide forums, resources and materials related to developments and emerging issues in innovation, cybersecurity, data privacy, and the uses of technology in the insurance industry in order to educate state insurance regulators on these developments and how they affect consumer protection, insurer and producer oversight, marketplace dynamics, and the state-based insurance regulatory framework.
    2. Identify, track and report on developments and emerging issues related to cybersecurity, information and data security systems, including industry best practices for risk management, internal controls, and governance; and how state insurance regulators can best address cyber risks and challenges for insurance industry. Coordinate with various subject matter expert (SME) groups on insurer and producer internal cybersecurity. Consider best practices related to cybersecurity event tracking and coordination among state insurance regulators, and produce guidance related to regulatory response to cybersecurity events to promote consistent response efforts across state insurance departments. Work with the Center for Insurance Policy and Research (CIPR) to analyze cybersecurity-related information from various data sources.
    3. Monitor and advise on the cybersecurity insurance market, including rating, underwriting, claims, product development, and loss control. Report on the cyber insurance market, including data reported within the Cybersecurity Insurance and Identity Theft Coverage Supplement.
    4. Identify and provide forums, resources and materials for the discussion of innovations and emerging technologies in the insurance sector, including the collection and use of data by insurers, producers, and state insurance regulators, as well as new products, services, and distribution platforms. Educate state insurance regulators on how these developments affect consumer protection, data privacy, insurer and producer oversight, marketplace dynamics, and the state-based insurance regulatory framework.
    5. Discuss emerging technologies and innovations related to insurance and insurers, producers, state insurance regulators, licensees, or vendors, as well as the potential implications of these technologies for the state-based insurance regulatory structure—including reviewing new products and technologies affecting the insurance sector and their associated regulatory implications.
    6. Consider and coordinate the development of regulatory guidance and examination standards related to innovation, cybersecurity, data privacy, the use of big data and artificial intelligence (AI) including machine learning (ML) in the business of insurance, and technology, including drafting and revising model laws, white papers, and other recommendations as appropriate.
    7. Track the implementation of and issues related to all model laws pertaining to innovation, technology, data privacy, and cybersecurity, including the Insurance Data Security Model Law (#668), the NAIC Insurance Information and Privacy Protection Model Act (#670), the Privacy of Consumer Financial and Health Information Regulation (#672), and the Unfair Trade Practices Act (#880) rebating language and providing assistance to state insurance regulators as needed.
    8. Coordinate and facilitate collaboration with and among other NAIC committees and task forces to promote consistency and efficiency in the development of regulatory policy, education, training, and enforcement materials and tools related to innovation; cybersecurity; data privacy; and the use of technologies, big data and artificial intelligence (AI), including machine learning (ML), in the business of insurance. Evaluate and recommend certifications, continuing education (CE), and training for regulatory staff related to technology, innovation, cybersecurity, and data privacy.
    9. Follow the work of federal, state, and international governmental bodies to avoid conflicting standards and practices.
  2. The Third Party Data and Models (H) Task Force will:
    1. Develop and propose a framework for the regulatory oversight of third-party data and predictive models.
    2. Monitor and report on state, federal, and international activities related to governmental oversight and regulation of third-party data and model vendors and their products and services. Provide recommendations to the Innovation, Cybersecurity, and Technology (H) Committee regarding responses to such activities.
  3. The Big Data and Artificial Intelligence (H) Working Group will:
    1. Research the use of big data and AI (including ML) in the business of insurance. Proactively communicate findings and present recommendations to the Innovation, Cybersecurity, and Technology (H) Committee.
    2. Monitor state, federal, and international activities on AI, including working with the Innovation, Cybersecurity, and Technology (H) Committee, (i) to respond to such activities, where appropriate and (ii) address potential impacts on existing state insurance laws or regulations.
    3. Oversee the completion of the work of the Collaboration Forum on Algorithmic Bias, including:
      1. Monitor and support adoption of the Model Bulletin on the use of Artificial Intelligence Systems by Insurers.
      2. Explore the creation of an independent synthetic data set to support testing of predictive models for unfair discrimination, in collaboration with the Center for Insurance Policy and Research, as appropriate.
      3. Finalize and maintain a glossary/lexicon to guide regulators as they engage in AI and technology related discussions.
    4. Facilitate and coordinate foundational and contextual educational content for regulators on topics related to the use of Big Data and Artificial Intelligence techniques, tools and systems in the insurance industry.
  4. The Cybersecurity (H) Working Group will:
    Cybersecurity Charges

    1. Monitor cybersecurity trends such as vulnerabilities, risk management, governance practices, and breaches with the potential to affect the insurance industry.
    2. Facilitate communication across state insurance departments regarding cybersecurity risks and events.
    3. Develop and maintain a regulatory cybersecurity response guidance to assist state insurance regulators in the investigation of insurance cyber events.
    4. Monitor federal and international activities on cybersecurity, engaging in efforts to manage and evaluate cybersecurity risk.
    5. Coordinate NAIC committee cybersecurity work, including cybersecurity guidance developed by the Market Conduct Examination Guidelines (D) Working Group and the Information Technology (IT) Examination (E) Working Group.
    6. Advise on the development of cybersecurity training for state insurance regulators.
    7. Work with the CIPR to receive updates on cybersecurity research efforts, by the CIPR and others, and to analyze publicly available cybersecurity-related information.
    8. Support the states with implementation efforts related to the adoption of Model #668.

    Cyber Insurance Charges

    1. Monitor industry trends pertaining to cyber insurance trends pertaining to cyber insurance, including meeting with subject matter experts and evaluating data needs of state insurance regulators. Considerations may also include the availability and affordability/pricing of cyber insurance, disclosures, limits and sub-limits and sub-limits in policies, policy language and trends in requirements, underwriting practices, and the role of reinsurance in the cyber insurance market.
    2. Coordinate with NAIC work groups addressing cyber insurance related issues, such as the Casualty and Actuarial (C) Task Force.
    3. Monitor federal and international activities related to cyber insurance and financing mechanisms for cyber risk.
  5. The E-Commerce (H) Working Group will:
    1. Examine e-commerce laws and regulations to aid in identifying updates to the E-Commerce Modernization Guide. This may include meeting with industry experts to understand industry trends that may impact laws and regulations.
  6. The Privacy Protections (H) Working Group will:
    1. Use state insurance privacy protections regarding the collection, data ownership and use rights, and disclosure of information gathered in connection with insurance transactions to draft a new/revised Privacy Protections Model Act to replace/update NAIC models, such as Model #670 and/or Model #672.
    2. Monitor state, federal, and international activities on privacy engaging in efforts to manage and evaluate privacy.
  7. The Technology, Innovation, and InsurTech (H) Working Group will:
    1. Monitor technology and innovation trends to identify services and products of importance to state insurance regulators.
    2. Facilitate technology, innovation, and InsurTech presentations to assist state insurance regulators in understanding related trends in the insurance industry.
    3. Develop opportunities for start-ups and InsurTechs to present to and receive feedback from state insurance regulators.
Third-Party Data and Models (H) Task Force

Third-Party Data and Models (H) Task Force
Saturday, March 16, 2024
11:00 AM - 12:00 PM MT

301 A West - Phoenix Convention Center - Level 3

Cybersecurity (H) Working Group

Cybersecurity (H) Working Group
Sunday, March 17, 2024
2:30 PM - 3:30 PM MT

301 A West - Phoenix Convention Center - Level 3

Innovation, Cybersecurity, and Technology (H) Committee

Innovation, Cybersecurity, and Technology (H) Committee
Monday, March 18, 2024
11:00 AM - 12:00 PM MT

301 B-D West - Phoenix Convention Center - Level 3

Related NAIC Publications

Contacts

Media Inquiries
(816) 783-8909
news@naic.org


Miguel Romero
Director, P&C Regulatory Services
816-783-8479

Scott Morris
Chief Technology Officer
816-783-8073

Please see the current Committee List for a complete list of committee members.