This year has already brought some big updates in the insurance and cybersecurity world, especially around data privacy, cyber risk, and new requirements for both insurers and clients. For independent agents, keeping up with these changes isn’t just about following the rules. It’s about staying valuable to your clients and staying ahead of the competition in a market that’s changing fast. Here’s a quick rundown of the most important changes so far this year and what they could mean for you and your clients.
1. Tightened Cybersecurity & Reporting Requirements in New York
New York continues to lead the way in cybersecurity oversight. As of April 15, 2025, all entities covered by the New York Department of Financial Services (NYDFS) Cybersecurity Regulation must submit annual compliance forms, either certifying they meet the regulation in full or acknowledging where they fall short.
Then, starting May 1st, additional requirements kicked in, including stricter access controls, regular vulnerability scans, and continuous monitoring. The final phase of updates is scheduled for November 1, 2025, which will require broader controls, such as full asset inventories and stronger multi-factor authentication (MFA) obligations.
Why It Matters: If any of your clients do business in or with New York, they’ll face higher cybersecurity expectations. These regulations can directly impact underwriting, premiums, and even eligibility for certain types of cyber coverage. Agents who help clients understand and prepare for these changes will stand out as trusted advisors rather than just policy sellers.
2. Higher Auto Liability Minimums in Some States
It’s not just cyber rules that are getting tougher. Several states are also updating their minimum auto and liability requirements, with higher limits for both bodily injury and property damage. A standout example is North Carolina. Effective July 1, 2025, the state's new minimums are:
- $50,000 per person / $100,000 per accident for bodily injury.
- $50,000 minimum for property damage.
- Underinsured motorist coverage becomes mandatory on all new or renewed policies.
Some states are also redefining what “underinsured” means and changing how policy limits stack and how setoffs apply.
Why It Matters: If you have clients in North Carolina (or in other states making similar changes), now is the time to review their auto policies and confirm they meet the new minimums. It is also an opportunity to discuss broader protection, such as umbrella policies.
3. “Business of Insurance Regulatory Reform Act of 2025” (S. 2419)
This bill might not make headlines like the others, but it could have lasting effects on how the insurance industry is regulated.
Introduced July 23, 2025, the Business of Insurance Regulatory Reform Act of 2025 (S. 2429) seeks to clarify the relationship between the Consumer Financial Protection Bureau (CFPB) and state-based insurance regulators. Essentially, it reaffirms that states remain the primary authority over insurance regulation and limits the CFPB’s authority over entities already overseen by state regulators.
Why It Matters: If this bill becomes law, it could shift how consumer protection rules apply, how complaints are handled, and how regulatory oversight is divided between state and federal bodies. For agents, staying informed means you can advise clients on the regulatory environment as well as their policy needs.
4. New Executive Order on Cybersecurity
Cyber threats aren’t slowing down, and neither is the federal government’s focus on them. On June 6, 2025, the administration released a new executive order called “Sustaining Select Efforts to Strengthen the Nation’s Cybersecurity.” While it doesn’t impose new compliance obligations for all private firms, it updates earlier directives to address emerging threats and improve coordination among government agencies.
Why It Matters: Even if the direct impact on private firms is small, this order signals the federal government’s ongoing commitment to cyber resilience. That means businesses will increasingly think about cyber risk, and agents should expect increased interest in cyber insurance among business clients.
5. Emerging NAIC Model Privacy / Data Protection Law
Data privacy is another hot topic that isn’t cooling off anytime soon. According to Deloitte’s 2025 outlook, the National Association of Insurance Commissioners (NAIC) is expected to roll out a model privacy protections law later this year. This model law would standardize requirements around data disclosures, retention, security, and consumer rights.
If adopted by states, this could bring more uniform privacy rules across the industry, including for agencies, MGAs, and carriers.
Why It Matters: For agents, this means revisiting how you collect, store, and share client data. It also gives you an opportunity to position yourself as someone who proactively helps clients with data privacy risk, not just insurance risk.
6. More Stringent Cyber Insurance Underwriting Requirements
Finally, across the industry, cyber insurers are tightening underwriting standards, meaning clients need to have specific security controls in place before they’re eligible for coverage or favorable pricing. Common requirements now include:
- Multi-Factor Authentication (MFA) for key systems and accounts
- Endpoint Detection & Response (EDR) tools or next-gen antivirus
- Employee cybersecurity training / phishing simulation programs
- Regular vulnerability scans and patch management
- Documented backup strategy and incident response plans
These elevated expectations are yielding real consequences: insurers are increasingly delaying coverage, denying applications, or charging much higher premiums for clients who can’t meet these benchmarks.
Why It Matters: When quoting or renewing cyber policies, walk through these requirements with your clients. If your clients aren’t prepared, they may face coverage problems or premium shock. Helping them upgrade their defenses can mean the difference between approval and denial.
How Agents Can Use This Recap to Stay Ahead
Start by mapping these legislative and regulatory changes to your client base: Which clients operate in New York? Which need to adjust their auto or health coverage? Who’s vulnerable to new cyber or privacy rules? Be sure to update your client questionnaires to include cybersecurity and compliance questions. Also, consider partnering with legal or IT consultants who specialize in these areas. Finally, keep communicating, whether through newsletters, webinars, or one-on-one conversations. Most clients won’t realize these changes affect them until it’s too late. These tips will help you stay on top of insurance and cybersecurity changes as we wrap up 2025 and welcome 2026.