Pennsylvania governor signs insurance data security act

Pennsylvania governor Josh Shapiro has signed a bill designed to protect the insurance industry from cyber threats.

The Pennsylvania Insurance Data Security Act, also known as House Bill 739, was signed into law last week as Act 2 of 2023 after it passed the Pennsylvania House and Senate with unanimous, bipartisan support.

Under the new law, insurance licensees, including companies and individuals (with certain exceptions for small businesses), are now required to conduct a thorough risk assessment to determine the potential cyber threats and identify the likelihood and potential harm associated with these threats.

All licensees must also develop a comprehensive information security program aimed at mitigating risks, preventing cyber incidents, and establishing response plans for recovery from cyber incidents. cybersecurity.

In addition, licensees are now obligated to notify the insurance commissioner within five business days if they discover a cybersecurity event involving non-public information.

“Governor Shapiro will always stand up for the best interests of Pennsylvania’s insurance consumers and prioritize making sure the industry is efficient and working for Pennsylvanians,” said acting insurance commissioner Michael Humphreys.

“This collaborative effort is focused on improving business processes and insurance regulatory tools to better protect the personal information of our citizens. The new bipartisan legislation makes Pennsylvania the largest state to enact these critical reforms and will make the industry more responsive and better prepared for cybersecurity and cybercrime events.

Citing the cybercrime report from the FBI, the department emphasized the importance of the new law, considering the following statistics:

• In 2022 alone, Americans will suffer losses exceeding $10.3 billion due to cybercrime, which represents a 49% increase compared to last year.
• The FBI received more than 800,000 complaints related to cybercrime during the same period.
• Pennsylvania has witnessed a higher number of reported victims of cybercrime compared to the combined numbers of Canada, India, Australia, France, and South Africa.

What are your thoughts on this story? Please comment below.