top of page

New cybersecurity risk management regulations for insurance companies are here.


The National Association of Insurance Commissioners (NAIC) approved the Insurance Data Security Model Law and the State of New York in March 2017 placed into effect Section 500 of Title 23 of the Official Compilation of Codes.


"Computers, software, programming and algorithms are all parts of a cybersecurity risk program, but it is the interaction with 'humans' that makes all the difference in the world."


NAIC's model law requires insurance organizations to have everything from information security program policies to incident response plans to specific breach notification procedures. Insurance organizations will now have to certify compliance to state insurance commissioners annually. Now that NAIC's model law is heading for adoption, it is crucial to understand how it might apply to your organization. It is also imperative to learn is also imperative to learn what you can do now to start preparing for compliance.


This event focuses on describing the effective components of a modern cybersecurity risk management program. Participants will be prepared to start the evaluation of an existing program. They will then be able to discuss with senior management, the audit committee, and the board of directors how to proceed with improving cybersecurity risk management. We consider five main components of an effective risk management program: data, control implementation, verification, breach preparedness and risk management.


This comprehensive training course is for anyone who wants to have a strong base of knowledge and understanding of the essentials of a cybersecurity risk management program.


This timely CPE virtual training is for project directors, project leaders, and all other individuals responsible for creating an effective cybersecurity program and its associated documents. This is for an insurance organization. Each attendee will be sent home with a set of 35 documents that were used to create the academy.


This internal control training course will provide each attendee with 12 CPE Event Hours (YB). A certificate of completion will be provided.

NAIC Cybersecurity Model Law Academy

  • Offered on Wednesday-Thursday once every six weeks in two six hour sessions for 12 CPE credits.

    The sessions will run from 9:00 a.m. to 3:00 p.m. Central Time Zone. There will be a lunch break from 12:00 noon to 12:30 p.m. each day.

    We can schedule private events on your timetable for two or more attendees.

In the event you haven't seen an email from confirming your registration land in your inbox, there's a chance it might have taken a little detour into your spam, junk, or quarantine folder. If you could take a moment to peek in there and kindly mark it as "not spam" or “not junk,” that would be fantastic. On the off chance that your firewall is being a bit overprotective and preventing the email from even reaching your spam folder, please don’t hesitate to give me a ring at 479-200-4373. I’m here to ensure everything’s set straight for you.

bottom of page