NAIC Adopts Principles for Effective Cybersecurity Regulatory Guidance | Practical Law

The National Association of Insurance Commissioners' Cybersecurity Task Force has adopted Principles for Effective Cybersecurity Insurance Regulatory Guidance. The Guidance is intended for insurers, insurance producers and other regulated entities, and identifies principles to protect insurance consumers from cybersecurity breaches.

Practical Law Legal Update 5-609-8205 (Approx. 3 pages)

by Practical Law Intellectual Property & Technology
Published on 22 Apr 2015
USA (National/Federal)
On April 17, 2015, the National Association of Insurance Commissioners' Cybersecurity Task Force (NAIC CTF) published a press release announcing that it has adopted Principles for Effective Cybersecurity Insurance Regulatory Guidance. The Guidance is intended for insurers, insurance producers and other regulated entities and identifies types of safeguards regulators expect insurers to have in place to protect consumers from cybersecurity breaches. It is also intended to establish insurance regulatory guidance that promotes coordination and protects insurance consumers.
The Guidance adopts established data security principles, for example, that effective programs include:
  • Incident response planning.
  • Vendor management and controls.
  • Periodic training and program assessment.
In addition, the Guidance notes that regulatory guidance for insurers and insurance producers should be flexible, scalable, practical and consistent with nationally recognized cybersecurity efforts, such as the National Institute of Standards and Technology (NIST) Framework for Improving Critical Infrastructure Cybersecurity.