Pennsylvania governor Josh Shapiro has signed into law a bill designed to safeguard the insurance industry from cyber threats.
The Pennsylvania Insurance Data Security Act, also known as House Bill 739, was signed last week as Act 2 of 2023 after it passed both the Pennsylvania House and Senate with unanimous, bipartisan support.
Under the new law, insurance licensees, including companies and individuals (with certain exceptions for small businesses), are now required to perform thorough risk assessments to identify potential cyber threats and determine the likelihood and potential damage associated with these threats.
All licensees must also develop a comprehensive information security program aimed at mitigating risks, preventing cyber incidents, and establishing response plans for recovering from cybersecurity events.
Furthermore, licensees are now obligated to notify the insurance commissioner within five business days if they discover a cybersecurity event involving non-public information.
In a press release, the Pennsylvania Insurance Department expressed support for the new law, emphasizing its potential to fortify cybersecurity measures and protect consumers.
“Governor Shapiro will always stand for the best interests of Pennsylvania’s insurance consumers and has prioritized ensuring that the industry is effective and working for Pennsylvanians,” said acting insurance commissioner Michael Humphreys.
“This collaborative effort was focused on improving business processes and insurance regulatory tools to best safeguard our citizens' personal information. The new bipartisan law makes Pennsylvania the largest state to enact these critical reforms and will make the industry more responsive and better prepared for cybersecurity events and cybercrime.”
Citing a cybercrime report from the FBI, the department underscored the importance of the new law, considering the following statistics: