Insurance carriers and brokers handle policyholder data, actuarial models, claims records, and reinsurance arrangements under state insurance department cybersecurity regulations — including the NAIC Insurance Data Security Model Law adopted in over 20 states — that require board-level accountability for cybersecurity risk and demonstrable access controls over sensitive data. The insurance sector is also a primary driver of Zero Trust adoption indirectly: cyber insurers are refusing coverage or requiring premium surcharges for organisations that cannot demonstrate MFA, network segmentation, and privileged access controls.
Related: Financial · GLBA · Privileged Access · MFA · Identity Governance & Admin