The rapidly expanding market for cybersecurity insurance is the focus of the Cybersecurity Task Force within the Executive Committee of the National Association of Insurance Commissioners (NAIC). The Task Force recently issued for comment a revised draft of the Insurance Data Security Model Law.

The NAIC is the nationwide organization of all state insurance commissioners. NAIC maintains responsibility for establishing model insurance administrative regulations and model statutes for consideration by all of the states.

The goal of the cybersecurity Model Law is to set standards for “data security and investigation and notification of a breach of data security” that can be used by each individual state in consistency with other states. The latest revised draft is open for comments until mid-September.

Cybersecurity risks identified by the NAIC include but are not limited to:

  • Identity theft of personal data (like Social Security or credit card numbers) due to security breaches
  • Business interruption caused by cybersecurity intrusions
  • Reputational harm suffered by a business entity targeted in an attack
  • Data record restoration costs following a cybersecurity attack
  • Data theft, including business customer lists or trade secrets
  • Loss of data integrity following exposure to malware or a computer virus
  • Phishing attacks on unsuspecting employees, resulting in data loss or disclosure
  • Credit monitoring costs following an attack
  • Litigation related to trademark or copyright infringement

Readers interested in the NAIC’s Insurance Data Security Model Law can click on the link for the Cybersecurity Task Force.

Bill Hager’s Insurance Policy Expertise as an Insurance Regulator

Mr. Hager served as a regulator for eight years in five positions ((i) Assistant Attorney General assigned to the Iowa Department of Insurance, (ii) First Deputy Commissioner of Insurance, (iii) Iowa Commissioner of Insurance, (iv) Administrative Law Judge, and (v) Executive and Member of the National Association of Insurance Commissioners).

In this capacity Mr. Hager, along with his staff, approved (or disapproved) of the language of insurance policies used by each of the 1,000 property casualty insurance companies doing business in the state of Iowa.

This regulatory action also included the approval of most all policy application forms and policy forms themselves in use today. In addition, he regularly served as an Administrative Law Judge in matters relating directly to insurance policies.

While Iowa Commissioner of Insurance, Mr. Hager also served as a member of the National Association of Insurance Commissioners, (including membership on its Executive Committee).

While with the NAIC, he served, among other things, as:

  • Chair of the Midwest Zone. He was elected to this position by his fellow Insurance Commissioners from this zone (composed of the Midwest states) to provide leadership before the balance of the states.
  • Member of the Executive Committee. As a member of the Executive Committee, in effect the steering committee of the NAIC, he provided leadership organization wide. The Executive Committee had direct oversight of the Property Casualty Committee.
  • Member, Commercial Lines Committee. This Committee exercised national oversight of the functioning of commercial lines insurance.

Click on the link to read more about Mr. Hager’s experience as an insurance expert.


Material for this article was taken from a collection of industry sources relating to the subject.

In all of the general statements here, see the state law of the controlling jurisdiction. Every case is different and circumstances vary widely depending on the governing state law, policy provisions, and related considerations.

This blog is provided for educational purposes only. It is not intended to provide legal advice or an opinion in regard to any topic discussed. The blog should not be used as a substitute for legal advice from a licensed attorney in your state.