Legislation to create cybersecurity standards for the insurance industry in Wisconsin has passed the Wisconsin Assembly and will likely pass the Wisconsin Senate, next week. This legislation (2019 Assembly Bill 819) creates standards for insurance businesses that will help protect customers’ private information from hackers. Larger businesses will be required to conduct risk assessments, develop information security programs based on those assessments and submit those plans to OCI.
Small businesses, including most PIA members, are exempted from these requirements. PIAW lobbied for a strong small business exemption because the cost of hiring a consultant to create an information security plan would be a burden for businesses without their own IT staff. The exemption says that if your business has fewer than 25 employees, or annual revenues below $5 million, or assets less than $10 million, you do not have to comply. Even for businesses that do not have to comply, the legislation lays out a roadmap for good information security practices.
The entire insurance industry in Wisconsin worked together with OCI and with lawmakers to pass this legislation. By getting out ahead on this issue and becoming one of the early states to adopt a cybersecurity law, we were able to design a law that accommodated the small businesses that are members of PIAW.