“Among other steps, Kentucky’s law requires insurers to ‘identify reasonably foreseeable internal or external threats that could result in unauthorized access, transmission, disclosure, misuse, alteration, or destruction of nonpublic information, including the security of information systems and nonpublic information that are accessible to, or held by, third-party service providers,’ the law reads.”
Source: Kentucky Becomes 21st State to Adopt Model Cyber Security Law for Insurers