Based largely on the NY DFS Cybersecurity Regulation that became effective March 1, 2017, the NAIC has adopted a Model Cybersecurity Law that would, once adopted by the various states, establish significant requirements for insurance industry licensees to adopt cybersecurity policies and procedures, to conduct risk assessments, to address the risk presented by third party service providers, and to implement various administrative and technical safeguards to protect certain data and systems.  A more detailed analysis will be forthcoming once the adopted model is published, but based on the most recent draft, the NAIC Model has fewer exemptions than the NY DFS regulation, and imposes fewer technical requirements.