2025 Membership (PDF)

2025 Charges

1. The Cybersecurity (H) Working Group will:

Cybersecurity Charges

1. Monitor cybersecurity trends such as vulnerabilities, risk management, governance practices, and breaches with the potential to affect the insurance industry.
2. Facilitate communication across state insurance departments regarding cybersecurity risks and events.
3. Develop and maintain regulatory cybersecurity response guidance to assist state insurance regulators in the investigation of national insurance cyber events.
4. Monitor federal and international activities on cybersecurity, engaging in efforts to manage and evaluate cybersecurity risk.
5. Coordinate NAIC committee cybersecurity work, including cybersecurity guidance developed by the Market Conduct Examination Guidelines (D) Working Group and the Information Technology (IT) Examination (E) Working Group.
6. Advise NAIC staff on the development of cybersecurity training for state insurance regulators.
7. Work with the CIPR to receive updates on cybersecurity research efforts, by the CIPR and others, and to analyze publicly available cybersecurity-related information.
8. Support the states with implementation efforts related to the adoption of the Insurance Data Security Model Law (#668).
9. Coordinate with NAIC staff to facilitate intelligence-driven cybersecurity tabletop exercises with states' departments of insurance (DOIs) providing input on scope and timing as necessary.

Cybersecurity Insurance Charges

1. Monitor industry trends pertaining to cyber insurance trends pertaining to cyber insurance, including meeting with subject matter experts and evaluating data needs of state insurance regulators. Considerations should include the availability and affordability/pricing of cyber insurance, disclosures, limits and sub-limits and sub-limits in policies, policy language and trends in requirements, underwriting practices, and the role of reinsurance in the cyber insurance market.
2. Coordinate with NAIC work groups addressing cyber insurance related issues, such as the Casualty Actuarial and Statistical (C) Task Force.
3. Monitor federal and international activities related to cyber insurance and financing mechanisms for cyber risk.
4. Coordinate with NAIC staff to conduct analysis pursuant to the NAIC's Cyber Insurance Report. Review the NAIC's Property & Casualty Annual Statement Cybersecurity and Identity Theft Supplement recommending changes and/or developing reports to supplement data development as necessary. Consider and develop a guide for states on cyber insurance data analysis best practices.