Every client SSN, DOB, driver license, and bank account lives in your AMS and your email archive. One compromised producer account is a reportable breach under most state adoptions of NAIC Model Law 668. Most agencies your size have zero monitoring on that layer.
Have adopted NAIC Model Law 668 with cyber-security obligations for insurance licensees
36 detection engines sweep your Microsoft 365, Google Workspace, AWS, and Cloudflare accounts every five minutes. Critical threats surface instantly. Normal activity gets filed away.
A producer inbox holds quotes with full SSNs, DOBs, driver license numbers, and prior-claim history. One account takeover exfiltrates the entire book of business — and every state you write in imposes notification obligations.
Phishing targeted at producers to steal carrier-portal logins. The attacker binds fraudulent policies, cancels real ones, or rebates commissions to their own accounts before you notice.
Auto-pay setup emails intercepted in a hijacked inbox, then replayed with new routing numbers. Clients think they are paying their premium; the money goes to the attacker and the policy lapses.
SentinelSMB provides the continuous-monitoring, access-control, and incident-response controls these frameworks require. Pro subscribers get the audit-ready evidence package.
Adopted by a majority of states as state law, Model Law 668 requires licensees to implement a written information security program with ongoing risk assessment, access controls, and continuous monitoring of systems holding NPI.
Insurance producers are financial institutions under GLBA. The amended Safeguards Rule (effective June 2023) requires continuous monitoring, a designated qualified individual, and an incident response plan.
Most state insurance department regs require notification to the commissioner within 72 hours of a determined cyber event. SentinelSMB provides the exact detection timestamps and evidence you need to meet those windows.
If you are licensed in New York, 23 NYCRR 500 imposes specific continuous-monitoring, access-control, and audit-logging requirements. SentinelSMB covers the monitoring and logging controls directly.
SentinelSMB provides the continuous-monitoring, access-logging, and incident-response components Model Law 668 requires. You still need a written information security program, a designated qualified individual, and a documented risk assessment. Pro subscribers get the policy-template foundation for the written program.
Most carriers now include cybersecurity attestations in the appointment agreement. Documented continuous monitoring is the evidence carriers increasingly ask for. We generate the underwriter-ready evidence package automatically for Pro subscribers.
SentinelSMB maps your monitoring to NAIC Model Law 668, GLBA, NY DFS 23 NYCRR 500, and the patchwork of state insurance department regs. The compliance page in your dashboard shows framework-by-framework status.
Yes. When we detect a threat, you get an exact timestamp, the affected accounts, and the evidence we saw — which is what the commissioner will ask for. For Pro subscribers, Incident Response Access is included.
NAIC 668 compliance is not a binder of policies. It is actual monitoring. Get live in under 10 minutes. 7-day free trial, cancel anytime.