New law outlines requirements to safeguard the industry from cyber threats
Pennsylvania governor Josh Shapiro has signed into law a bill designed to safeguard the insurance industry from cyber threats.
Pennsylvania Insurance Data Security Act, also known as House Bill 739, was signed last week as Act 2 of 2023 after it passed both the Pennsylvania House and Senate with unanimous, bipartisan support.
Under the new law, insurance licensees, including companies and individuals (with certain exceptions for small businesses), are now required to perform thorough risk assessments to identify potential cyber threats and determine the likelihood and potential damage associated with these threats.
All licensees must also develop a comprehensive information security program aimed at mitigating risks, preventing cyber incidents, and establishing response plans for recovering from cybersecurity events.
Furthermore, licensees are now obligated to notify the insurance commissioner within five business days if they discover a cybersecurity event involving non-public information.
“Governor Shapiro will always stand for the best interests of Pennsylvania’s insurance consumers and has prioritized ensuring that the industry is effective and working for Pennsylvanians,” said acting insurance commissioner Michael Humphreys.
“This collaborative effort was focused on improving business processes and insurance regulatory tools to best safeguard our citizens’ personal information. The new bipartisan law makes Pennsylvania the largest state to enact these critical reforms and will make the industry more responsive and better prepared for cybersecurity events and cybercrime.”
Citing a cybercrime report from the FBI, the department underscored the importance of the new law, considering the following statistics:
- In 2022 alone, Americans suffered losses exceeding $10.3 billion due to cybercrime, representing a 49% increase compared to the previous year.
- The FBI received over 800,000 complaints related to cybercrime during the same period.
- Pennsylvania witnessed a higher number of reported cybercrime victims compared to the combined figures of Canada, India, Australia, France, and South Africa.
What are your thoughts on this story? Feel free to comment below.
Keep up with the latest news and events
Join our mailing list, it’s free!