cybersecurity regulation News

So You Comply with New York Reg. 500: Now What?

In March of 2017, the New York Department of Financial Services (DFS) implemented 23 NYCRR §500 (NY Reg. 500). In doing so, it became the first state regulatory authority to impose regulations that address cybersecurity concerns applicable to insurance-related entities …

N.Y. Cyber Reg: A Third-Party Service Provider Compliance Framework

This writing presents a framework that if adopted by insurance agencies and carriers could simplify and minimize the cost of complying with the New York Department of Finance Regulation 23 NYCRR Section 500.11 “Third-Party Service Provider Security” while simultaneously deploying …

Final Implementation Deadline Approaching for New York’s Cybersecurity Regulation

The final implementation period for the New York Department of Financial Services’ (DFS) cybersecurity regulation covering DFS-regulated entities and licensed individuals ends March 1, 2019. New York’s first-in-the-nation cybersecurity regulation became effective March 1, 2017, and DFS implemented a two-year …

The Hits Keep Coming: More Transitional Cybersecurity Requirements in New York

It has been more than a year and a half since the New York Department of Financial Services cybersecurity regulations (cyber rules) came into effect, and yet another compliance deadline has passed. Broadly, “covered entities,” which means you if you …

Third Compliance Date Approaching for New York Cybersecurity Regulation

The third transitional period for New York’s first-in-the-nation cybersecurity regulation for all Department of Financial Services (DFS) regulated entities ends on September 4, 2018. Beginning on September 4, banks, insurance companies and other financial services institutions regulated by DFS are …

The New York DFS Wants Certificates of Compliance for Valentine’s Day

What were you planning to give the New York Department of Financial Services for Valentine’s Day? Hopefully, a certificate of compliance. It is hard to believe that almost a year has passed since the NYDFS cybersecurity regulations (Cyber Rules) became …

Filing Deadline Approaching for New York’s Cybersecurity Regulation

New York Department of Financial Services Superintendent Maria T. Vullo has reminded all regulated entities and licensed persons covered by the Department of Financial Services’s (DFS) cybersecurity regulation that the first certification of compliance must be filed on or prior …

What Insurance Companies Need to Know About Part 500 Cybersecurity Compliance

If there were any remaining doubts about the vulnerability of our online systems, they were dispelled in September when giant credit reporting company Equifax revealed it was breached in July by cyber criminals, compromising the personal identifiable information (PII) of …

Cybersecurity Requirements in New York: Determining Compliance

The New York Department of Financial Services (DFS) has issued cybersecurity requirements for financial services companies. Codified at 23 NYCRR §500, the law became effective on March 1, 2017, and requires insurance and insurance-related companies as well as brokers, agents …

First Steps Under New York’s Cyber Rules: Risk Assessment, Policies, Procedures

The Cybersecurity Requirements for Financial Services Companies (cyber rules) promulgated by the New York Department of Financial Services went into effect on March 1. Now, insurance companies, agencies, brokerages and producers (insurance professionals) doing business in New York, even those …