On March 12, 2015, the NAIC exposed for comment two draft documents relating to cyber security.

The first draft document (available here), “Principles for Effective Cybersecurity Insurance Regulatory Guidance” (the “draft cybersecurity guidance”), was developed by the CTF to assist insurance regulators in providing guidance to the insurance industry in its efforts to strengthen data security and infrastructure. Derived from the work of the Securities Industry and Financial Markets Association, the 18 guiding principles in the draft cybersecurity guidance seek to help regulators “identify uniform standards, promote accountability, and provide access to essential information.”

The second draft document (available here), the “Cybersecurity Insurance Coverage Supplement,” is a supplement to the annual statutory statement to be filed by insurers that write cyber security coverage, either on a standalone basis or as part of a commercial multiperil package policy. The draft supplement is being considered by the NAIC Property and Casualty Insurance (C) Committee.

The two exposure drafts were open for comment from interested parties and industry representatives until March 23rd, to facilitate discussions at the NAIC’s Spring National Meeting in Phoenix.