Till now our experience with insurance agencies has been fairly reactive and driven by IT. In the background we've been keeping an eye on the National Association of Insurance Commissioners (the NAIC) regulations and how they would impact Small and Medium Sized Businesses (SMB). In April the Cybersecurity (EX) Task Force (the Task Force) first presented the Insurance Data Security Model Law (the Model Law) it generated more than 40 comment letters from trade associations, market participants and regulators. insurance industry association . It appears that the, "something has happened, now can you help us fix, resolve, remediate it" approach to Data / Information or Cyber Security is about to change drastically.