Cybersecurity and Accountability Act of 2025 mandates cybersecurity measures for insurers in D.C.
The Cybersecurity and Accountability Act of 2025 requires insurers licensed in the District of Columbia to implement comprehensive information security programs to protect nonpublic information. These programs must include administrative, technical, and physical safeguards. Insurers must also notify the Commissioner within three business days of any cybersecurity event that could harm consumers or the insurer's operations. The Commissioner has the authority to investigate cybersecurity events and enforce compliance.
Included in complete analysis
- Overview
- Core Provisions
- Implementation
- Impact
- Legal Framework
- Critical Issues
See what it does, who it affects, and the critical issues in plain language. Free, 30 seconds.