Wisconsin Act 73 Insurance Data Security

Wisconsin’s new cybersecurity law was signed by Governor Tony Evers on July 15, 2021, and can be found in Wisconsin Statutes Subchapter IX of Chapter 601. The new law is aimed at protecting consumers from increasing risks of cybersecurity threats such as ransomware and data breaches from their insurers and their affiliate agencies. Threat actors remain on the offensive everyday so time is of the essence. Wisconsin insurers should immediately take steps to familiarize themselves with the new legislation and take immediate action to become compliant.

In order to comply, licensees have one year (Deadline of November 1, 2022) to conduct a risk assessment, address the vulnerabilities and risks identified, and create an information security program tailored to their business. Additionally, licensees must implement a comprehensive incident response plan, in the event of a cybersecurity event, and map out how they will provide notice in a timely fashion to affected consumers. The law also requires licensees to exercise appropriate diligence and due care in selecting their third-party service providers to ensure that these entities are also in alignment with the new regulations.

The law empowers the Office of the Commissioner of Insurance to examine and investigate the affairs of a licensee to determine violations of the requirements. Therefore, it remains a best practice for all insurance companies, providers, and agencies to take these steps and remain committed to protecting the personal information of their consumers.

While the law provides certain exemptions, we suggest to our clients that they become compliant with all aspects of this law; because meeting regulatory expectations through an exemption is not the same as complying with all parts of a regulation. One could expect that upon notification of a cybersecurity event, the Office of the Commissioner of Insurance will investigate how that organization complied, or failed to comply, with all sections of Act 73 regardless of their exemption status. Many of the sections of the law reflect industry leading practices relating to cybersecurity, the implementation of which would increase an organization’s cybersecurity maturity and preparedness to detect a cybersecurity event, respond to that event, and recover normal business operations.

Our team is here to help. We can assist you with a compliance assessment to understand your gaps and provide guidance and expertise to remediate your issues.

Wisconsin Act 73 Educational Seminar


In this video, Michael Arnold, CEO of ITNS Consulting, delivers an insightful and information packed educational seminar about 2021 Wisconsin Act 73 to insurance agencies throughout Southern Wisconsin. This seminar introduces all of the key requirements of the new legislation and provides insight on how to become fully compliant by using the NIST Cyber Security Framework (NIST CSF) as a guide.

Click here to download the “Links and Resources Document” referenced in the video.

Ready to have a conversation?

We would really love to hear from you! Give us a call at 608-563-1975 or fill out the form below to start working with our team.

Fill out my online form.

Cybersecurity: What Every Business Owner Should Know
While organizations and workers have certainly benefitted from the advancement of technology, …
Why You Must Comply With Your Cyber Liability Insurance
If you think that your cyber insurance claim will be cleared with …
The Beginner’s Guide to Cyber Liability Insurance for Business
The COVID-19 pandemic has impacted everyone in one way or another. If …
Making Hybrid Work Environments Secure
The COVID-19 pandemic caused an unprecedented shift in the way people work. …
Defense in Depth (DiD): Think Like a Hacker
The current threat landscape is rapidly advancing, with cybercriminals constantly upgrading their …
Why Attacks on Critical Infrastructure Are Dangerous
Critical Infrastructure (CI) comprises physical and cyber assets vital for the smooth …
4 Reasons Cybersecurity Attack Surfaces Are Expanding
The COVID-19 pandemic impacted individuals and businesses all over the world in …
How Can Cyber Resilience Protect SMBs?
Small and Medium Businesses (SMBs) usually invest less in cybersecurity, making them …