Cybersecurity Letter to Domestics

​TO:       Maryland Domestic Companies
FROM: Al Redmer, Jr., Commissioner
DATE:  June 4, 2015
RE:      Cybersecurity

Dear Maryland Domestic Company:

As internet technology and electronic communications become more and more engrained in the way that people do business, cyber-threats and cyber-attacks are no longer a prospective problem for Maryland's consumers and businesses; they are a reality that must be addressed now.

I am writing today to let you know that I am committed to being a resource to Maryland's consumers and businesses on cyber-issues, and will be actively promoting cybersecurity measures in Maryland in my role as Insurance Commissioner.

As you may be aware, the National Association of Insurance Commissioners (NAIC) has created a special Cybersecurity Task Force to analyze these issues from a regulatory perspective, and I am a voting participant on this Task Force. The following is a list of the Task Force's charges:
Monitor developments in the area of cybersecurity.

Advise, report and make recommendations to the Executive (EX) Committee on cybersecurity issues.
Coordinate activities with NAIC standing committees and their task forces and working groups regarding cybersecurity issues.

Represent the NAIC and communicate with other entities/groups, including the sharing of information as may be appropriate, on cybersecurity issues.

Perform such other tasks as may be assigned by the Executive (EX) Committee relating to the area of cybersecurity.

To date, the Task Force has adopted a document entitled "Principles for Effective Cybersecurity: Insurance Regulatory Guidance." The document notes that "state insurance regulators look to the insurance industry to join forces in identifying risks and offering practical solutions. The guiding principles ... are intended to establish insurance regulatory guidance that promotes these relationships and protects consumers." The full document can be accessed electronically here: http://www.naic.org/documents/committees_ex_cybersecurity_tf_final_principles_for_cybersecurity_guidance.pdf.

As I continue to participate in the NAIC's Cybersecurity Task Force, and as the MIA begins to evaluate these guiding principles for application at the domestic level, I would welcome your thoughts as to how the objectives outlined in this document might be implemented in Maryland. I also intend to be an effective advocate for Maryland's consumers and insurance companies as a member of the NAIC Cybersecurity Task Force, and I welcome your feedback to that end. Finally, I am eager to learn about what your companies are currently doing to protect themselves and their consumers from cybersecurity risks.

I look forward to partnering with you to protect the interests of Maryland's consumers and companies in this evolving regulatory arena. Questions related to this initiative may be directed to the MIA's Director of Regulatory Affairs and NAIC Liaison, Cathy Grason by email at catherine.grason@maryland.gov, or by phone at 410-468-2201.

Sincerely,
Al Redmer, Jr.
Insurance Commissioner