Wisconsin’s new cybersecurity law was signed by Governor Tony Evers on July 15, 2021, and can be found in Wisconsin Statutes Subchapter IX of Chapter 601. The new law is aimed at protecting consumers from increasing risks of cybersecurity threats such as ransomware and data breaches from their insurers and their affiliate agencies. Threat actors remain on the offensive everyday so time is of the essence. Wisconsin insurers should immediately take steps to familiarize themselves with the new legislation and take immediate action to become compliant.
In order to comply, licensees have one year (Deadline of November 1, 2022) to conduct a risk assessment, address the vulnerabilities and risks identified, and create an information security program tailored to their business. Additionally, licensees must implement a comprehensive incident response plan, in the event of a cybersecurity event, and map out how they will provide notice in a timely fashion to affected consumers. The law also requires licensees to exercise appropriate diligence and due care in selecting their third-party service providers to ensure that these entities are also in alignment with the new regulations.
The law empowers the Office of the Commissioner of Insurance to examine and investigate the affairs of a licensee to determine violations of the requirements. Therefore, it remains a best practice for all insurance companies, providers, and agencies to take these steps and remain committed to protecting the personal information of their consumers.
While the law provides certain exemptions, we suggest to our clients that they become compliant with all aspects of this law; because meeting regulatory expectations through an exemption is not the same as complying with all parts of a regulation. One could expect that upon notification of a cybersecurity event, the Office of the Commissioner of Insurance will investigate how that organization complied, or failed to comply, with all sections of Act 73 regardless of their exemption status. Many of the sections of the law reflect industry leading practices relating to cybersecurity, the implementation of which would increase an organization’s cybersecurity maturity and preparedness to detect a cybersecurity event, respond to that event, and recover normal business operations.
Our team is here to help. We can assist you with a compliance assessment to understand your gaps and provide guidance and expertise to remediate your issues.
Wisconsin Act 73 Educational Seminar
In this video, Michael Arnold, CEO of ITNS Consulting, delivers an insightful and information packed educational seminar about 2021 Wisconsin Act 73 to insurance agencies throughout Southern Wisconsin. This seminar introduces all of the key requirements of the new legislation and provides insight on how to become fully compliant by using the NIST Cyber Security Framework (NIST CSF) as a guide.
Click here to download the “Links and Resources Document” referenced in the video.
Ready to have a conversation?
We would really love to hear from you! Give us a call at 608-563-1975 or fill out the form below to start working with our team.