A growing number of states are enacting cybersecurity legislation for the insurance industry, pushing insurers to review their security protocols.
South Carolina, Ohio and Michigan have enacted data security laws for insurers over the past year. Mississippi’s governor approved a measure April 3, and Connecticut, New Hampshire and two other states have bills moving in their legislatures.
The states largely are using a 2017 model law by the National Association of Insurance Commissioners, which draws from the New York Department of Financial Services’ cybersecurity regulation for the financial services industry.
“There’s no doubt that cybersecurity is the biggest risk facing ...