Key takeaways

• A new Model Cybersecurity Law for the insurance sector has been approved by a working group of the NAIC.
• Although not yet enacted, the model law signals new regulatory requirements on the horizon.
• Companies should evaluate their existing information security programs in light of the model law, and can prepare for these new regulatory requirements by aligning their information security programs with the NY DFS Cybersecurity Regulation.