March 23, 2021
The New York Department of Financial Services’ (DFS) second enforcement action to date under its cybersecurity regulation underscores the importance of promptly investigating potential cybersecurity events. It also raises questions about whether insurance coverage would be available for amounts paid …
April 17, 2019
In March of 2017, the New York Department of Financial Services (DFS) implemented 23 NYCRR §500 (NY Reg. 500). In doing so, it became the first state regulatory authority to impose regulations that address cybersecurity concerns applicable to insurance-related entities …
March 27, 2019
This writing presents a framework that if adopted by insurance agencies and carriers could simplify and minimize the cost of complying with the New York Department of Finance Regulation 23 NYCRR Section 500.11 “Third-Party Service Provider Security” while simultaneously deploying …
February 1, 2019
The final implementation period for the New York Department of Financial Services’ (DFS) cybersecurity regulation covering DFS-regulated entities and licensed individuals ends March 1, 2019. New York’s first-in-the-nation cybersecurity regulation became effective March 1, 2017, and DFS implemented a two-year …
October 10, 2018
It has been more than a year and a half since the New York Department of Financial Services cybersecurity regulations (cyber rules) came into effect, and yet another compliance deadline has passed. Broadly, “covered entities,” which means you if you …
August 9, 2018
The third transitional period for New York’s first-in-the-nation cybersecurity regulation for all Department of Financial Services (DFS) regulated entities ends on September 4, 2018. Beginning on September 4, banks, insurance companies and other financial services institutions regulated by DFS are …
January 31, 2018
What were you planning to give the New York Department of Financial Services for Valentine’s Day? Hopefully, a certificate of compliance. It is hard to believe that almost a year has passed since the NYDFS cybersecurity regulations (Cyber Rules) became …
January 23, 2018
New York Department of Financial Services Superintendent Maria T. Vullo has reminded all regulated entities and licensed persons covered by the Department of Financial Services’s (DFS) cybersecurity regulation that the first certification of compliance must be filed on or prior …
October 10, 2017
If there were any remaining doubts about the vulnerability of our online systems, they were dispelled in September when giant credit reporting company Equifax revealed it was breached in July by cyber criminals, compromising the personal identifiable information (PII) of …
August 25, 2017
The New York Department of Financial Services (DFS) has issued cybersecurity requirements for financial services companies. Codified at 23 NYCRR §500, the law became effective on March 1, 2017, and requires insurance and insurance-related companies as well as brokers, agents …