In May 2018, South Carolina became the first state to pass a cybersecurity insurance bill requiring insurers to establish and implement a cybersecurity program protecting companies and consumers from a data breach. The law created rules for South Carolina insurers, agents, and other licensed entities covering data security, investigation, and breach notification.
The new cybersecurity bill is based on guidelines from the National Association of Insurance Commissioners’ Insurance Data Security Model Law. The insurance industry is not against the new law, but there are concerns about the impact of other states passing laws that differ from South Carolina’s legislation.
Consumer data in the US is currently protected by a patchwork of industry-specific federal laws and state legislation with varying scope and jurisdiction. This can present considerable compliance challenges for US organizations that conduct business across all 50 states.
Meeting the challenge
To help meet the challenge, organizations can implement ISO 27001. ISO/IEC 27001:2013 (ISO 27001) is the international standard that describes best practice for an ISMS (information security management system). Achieving accredited certification to ISO 27001 demonstrates that your company is following information security best practice, and delivers an independent, expert assessment of whether your data is adequately protected. ISO 27001 is supported by its code of practice for information security management, ISO/IEC 27002:2013.
- How a cybersecurity program can protect your information assets and help avoid legal penalties
- Items to consider when establishing a robust cybersecurity program
- What’s involved in implementing an information security management system (ISMS)
- The benefits of achieving ISO 27001 certification