South Carolina Insurance Data Security Act

South Carolina has become the first state to enact a version of the Insurance Data Security Model Law,

drafted by the National Association of Insurance Commissioners (“NAIC”) in 2017. The South Carolina Insurance Data Security Act became effective on January 01, 2019.

To Whom Does the Act Apply?

The Act applies to all licensees of the South Carolina Department of lnsurance. The law expressly excludes out of state purchasing groups or risk retention groups, out of state licensees who are only acting as an assuming reinsurer or licensees with fewer than ten employees.

Is Cyber Risk Management a Board of Directors Issue?

Yes, the South Carolina Data Security Model Law states that the licensee’s board of directors or a designated executive management committee must develop, implement, and maintain a written information security program (“WISP”).

What are the Requirements of the South Carolina Insurance Data Security Act?

Licensees have until July 01, 2019 to implement a WISP designed to promptly respond to, and recover from, a cybersecurity incident.  The WISP must be commensurate with the size and complexity of the licensee and the nature and scope of the licensee’s activities along with its third-party service providers.

The WISP must include a written incident response plan designed to promptly respond to, and recover from, a cybersecurity event.

Lastly, the licensee must implement and maintain an employee security awareness training program.

What about Third-Party Service Providers?

By July 1, 2020, all licensees must have assessed their third-party service providers to ensure that data security best practices are in place.

Call to Action:

While South Carolina was the first state to enact the NAIC Data Security Model Law, other states are soon to follow. South Carolina insurance licensees are required to certify compliance on an annual basis with the South Carolina Insurance Data Security Act with the Department of Insurance. Cyber Special Ops, LLC is here to offer its expertise, experience and agility to help you address these data security requirements.

The Value of Concierge Cyber Services

What are Concierge Cyber Services?

Like concierge medicine, concierge cyber services provide organizations with a single source for all things cyber—both in preparation for a breach and in recovering from one—by bringing leading third-party experts to clients. The cyber concierge (consultant) becomes a trusted friend and advocate, helping clients navigate the complex world of cyber threats, laws and regulations.

Cyber Special Ops, LLC is the first consultancy to offer Concierge Cyber Services, with a membership that provides access to a credentialed panel of third-party service providers at rates comparable to those negotiated by leading insurance companies. Cyber Special Ops members receive 24/7 access, a toll-free phone number to connect directly with a cyber concierge, same-day appointments, meetings that last as long as it takes to address their needs, and various other amenities. In exchange for this enhanced access and personal attention, the client pays Cyber Special Ops, which is completely neutral with respect to third-party services and products, a modest annual membership fee.

Doesn’t my insurance provide these claim benefits?

Not necessarily. A cyber claim may invoke coverage under numerous policies including, but not limited to, stand-alone cyber, property, general liability, professional liability, management liability or crime. Even if you have insurance, you may not have access to immediate incident response. Given that time is of the essence, Cyber Special Ops provides its clients with immediate expertise, experience and agility to handle a cyber incident.

Who are Cyber Special Ops third-party service providers?

Our world-class panel is comprised of firms located across the United States, Canada and United Kingdom. An additional benefit is that our third-party service providers are recognized and approved by most stand-alone cyber insurance companies.

To summarize, Cyber Special Ops’ Concierge Cyber Services delivers:

  • Conference calls, as needed
  • Longer appointment times, including a complete review of relevant cyber threats
  • Same day and next day appointment availability, as needed
  • Wellness coaching, including the transfer of cyber risk
  • State of the art information security testing and incident response teams
  • 24/7 access to cyber risk management consultants