SlideShare ist ein Scribd-Unternehmen logo

New York State Department of Financial Services Expands Its Cyber Focus to Insurers

N
NationalUnderwriter

New York State Department of Financial Services Expands Its Cyber Focus to Insurers by Eric R. Dinallo, Jeremy Feigelson, David A. O’Neil, Jim Pastore, and Jordan R. Friedland The New York State Department of Financial Services (“DFS”) recently announced a major expansion of its cybersecurity efforts: DFS will require insurers to respond to a special “comprehensive risk assessment” on cybersecurity, with those assessments to be followed by an enhanced focus on cybersecurity as part of DFS’s regular examinations of insurers. DFS’s announcement expands to insurance the increasingly rigorous approach it has recently applied to banks in the area of cyber security. More importantly, it offers critical guidance to all industries about what regulators will consider adequate precautions and preparation in this area.

Recht
1 von 3
Downloaden Sie, um offline zu lesen
The Insurance Coverage Law Information Center The following article is from National Underwriter’s latest online resource, FC&S Legal: The Insurance Coverage Law Information Center. NEW YORK STATE DEPARTMENT OF FINANCIAL SERVICES EXPANDS ITS CYBER FOCUS TO INSURERS Eric R. Dinallo, Jeremy Feigelson, David A. O’Neil, Jim Pastore, and Jordan R. Friedland April 23, 2015 The New York State Department of Financial Services (“DFS”) recently announced a major expansion of its cybersecurity efforts: DFS will require insurers to respond to a special “comprehensive risk assessment” on cybersecurity, with those assessments to be followed by an enhanced focus on cybersecurity as part of DFS’s regular examinations of insurers. DFS’s announcement expands to insurance the increasingly rigorous approach it has recently applied to banks in the area of cybersecurity. More importantly, it offers critical guidance to all industries about what regulators will consider adequate precautions and preparation in this area. The DFS Letter The DFS action took the form of a so-called “308 letter” from Benjamin Lawsky, the DFS Superintendent, to CEOs, general counsels and CIOs of insurers. Section 308 of the New York Insurance Law gives DFS broad information-gathering powers. This 308 letter spells out the details of the one-time comprehensive risk assessment in the form of a detailed written questionnaire that must be answered by April 27. Insurers will have to answer questions about a broad range of cybersecurity issues – many of which mirror those that DFS required banks to answer in December 2014 – including: - Corporate governance of cybersecurity, including the curriculum vitae and job description of the Chief Information Security Officer or other senior person responsible for cybersecurity; - Policies and procedures designed to further the goals of confidentiality, integrity and availability of data, including the integration of data classification (a/k/a the sorting of data according to its sensitivity and risk level) into such policies and procedures; - Various highly specific security topics, such as the use of multi-factor authentication, patch management, penetration testing and vendor management. (N.B.: It is a matter of public record that criminals’ abuse of credentials issued to third-party vendors has been implicated in a number of recent, high-profile hacks.); - Steps taken to adhere to the Framework for Improving Critical Infrastructure Cybersecurity issued by the National Institute of Standards and Technology (“NIST”) on February 12, 2014 concerning third-party stakeholders; - Policies and procedures governing relationships with third-party service providers that address information security risks; - Protections used to safeguard sensitive data that is sent to, received from or accessible to third-party service providers, such as encryption or multi-factor authentication; - Protections against loss or damage incurred as a result of an information security failure by a third-party service provider; - Incident detection and response processes, including real-time monitoring and the institution’s written incident response plan; Call 1-800-543-0874 | Email customerservice@SummitProNets.com | www.fcandslegal.com
- Cyber insurance coverage; and - Periodic reevaluation of policies and procedures in light of changing risks. In the 308 letter, DFS notes its expectation that companies will make efforts to obtain any information necessary to respond to the questionnaire from parent or affiliate companies, and imposes upon parent companies the obligation to obtain such information from subsidiaries. Implications for Insurers and Other Companies DFS has not promulgated specific cybersecurity standards, but it is strongly suggesting what it considers best practices by the questions it asks. We have previously called that “regulation by implication” – the questions themselves imply answers that the agency is likely to prefer. Strong substantive answers on the enumerated topics, clearly presented, can be expected to generate clean examination reports. Answers that DFS considers highly unsatisfactory, in contrast, could prompt DFS to pursue civil enforcement measures. Take multi-factor authentication as an example. For the uninitiated, this is the practice of requiring more than a single username/password combination to access a computer system – for instance, use of a one-time code received via a token or text message in addition to a password is a common form of multi-factor authentication. No state or federal law expressly dictates the use of multi-factor authentication, but by asking companies to describe their practices in this area, DFS is clearly signaling that, going forward, it hopes to see companies adopt policies and procedures favoring multi-factor authentication. That is consistent with Superintendent Lawsky’s comments, in a February 25 speech, that DFS was considering promulgating regulations mandating the use of multi-factor authentication because, according to Superintendent Lawsky, single-factor authentication “should have been dead and buried many years ago,” and “it is time that we bury it now.” Another example is the new requirement (not previously applied by DFS to banks) for institutions to describe steps they have taken to adhere to the Cybersecurity Framework promulgated by NIST. The NIST Framework does not have the force of law, though DFS’s reliance on it is yet another indication that the standard is increasingly seen as the emerging gold standard of cybersecurity benchmarks. Simply by asking about the NIST Framework, DFS nudges it toward preferred legal status. That being said, nothing in DFS’s guidance suggests that alternative benchmarking tools like ISO or SANS are inadequate or flawed. This approach of regulation-by-inquiry is reflected throughout the DFS guidance: Simply by asking pointed questions – about vendor management, patch management, the use of written incident response plans and so on – DFS is dropping strong hints as to what it will consider “right” answers in the context of the examinations it will conduct in 2015. Conclusion Although the most recent DFS guidance specifically applies only to the insurers it regulates, management and boards throughout corporate America would do well to study both this guidance and the guidance issued to banks in December 2014. Companies that suffer cybersecurity incidents increasingly are facing pressure to defend themselves – whether in private litigation or in regulatory enforcement actions. Companies in all industries thus may find the DFS “308 letter” a useful checklist for assessing their own cybersecurity posture. About The Authors Eric R. Dinallo and Jeremy Feigelson are partners, and Jim Pastore is counsel in the New York office of Debevoise Plimpton LLP. David A. O’Neil is partner and Jordan R. Friedland is an associate in the Washington, D.C., office. The authors may be contacted at edinallo@debevoise.com, jfeigels@debevoise.com, jjpastor@debevoise.com, daoneil@debevoise.com, and jrfriedl@debevoise.com, respectively. Call 1-800-543-0874 | Email customerservice@SummitProNets.com | www.fcandslegal.com
Call 1-800-543-0874 | Email customerservice@SummitProNets.com | www.fcandslegal.com Copyright © 2015 The National Underwriter Company. All Rights Reserved. NOTE: The content posted to this account from FCS Legal: The Insurance Coverage Law Information Center is current to the date of its initial publication. There may have been further developments of the issues discussed since the original publication. This publication is designed to provide accurate and authoritative information in regard to the subject matter covered. It is sold with the understanding that the publisher is not engaged in rendering legal, accounting or other professional service. If legal advice is required, the services of a competent professional person should be sought. For more information, or to begin your free trial: • Call: 1-800-543-0874 • Email: customerservice@SummitProNets.com • Online: www.fcandslegal.com FCS Legal guarantees you instant access to the most authoritative and comprehensive insurance coverage law information available today. This powerful, up-to-the-minute online resource enables you to stay apprised of the latest developments through your desktop, laptop, tablet, or smart phone —whenever and wherever you need it.

Empfohlen

Complacency in the Face of Evolving Cybersecurity Norms is Hazardous
Complacency in the Face of Evolving Cybersecurity Norms is HazardousComplacency in the Face of Evolving Cybersecurity Norms is Hazardous
Complacency in the Face of Evolving Cybersecurity Norms is HazardousEthan S. Burger
 
employee-awareness-and-training-the-holy-grail-of-cybersecurity
employee-awareness-and-training-the-holy-grail-of-cybersecurityemployee-awareness-and-training-the-holy-grail-of-cybersecurity
employee-awareness-and-training-the-holy-grail-of-cybersecurityPaul Ferrillo
 
Cyber Liability Risk
Cyber Liability RiskCyber Liability Risk
Cyber Liability RiskChristopher Rieser
 
The Basics of Cyber Insurance
The Basics of Cyber InsuranceThe Basics of Cyber Insurance
The Basics of Cyber InsuranceHB Litigation Conferences
 
CYBER LIABILITY COVEREAGE | HB EMERGING COMPLEX CLAIMS
CYBER LIABILITY COVEREAGE | HB EMERGING COMPLEX CLAIMSCYBER LIABILITY COVEREAGE | HB EMERGING COMPLEX CLAIMS
CYBER LIABILITY COVEREAGE | HB EMERGING COMPLEX CLAIMSHB Litigation Conferences
 
11 pp-cybersecurity-revised2 a
11 pp-cybersecurity-revised2 a11 pp-cybersecurity-revised2 a
11 pp-cybersecurity-revised2 aIT Strategy Group
 
Wollmuth Maher & Deutsch LLP -Takeaways From The SEC Cybersecurity Examinatio...
Wollmuth Maher & Deutsch LLP -Takeaways From The SEC Cybersecurity Examinatio...Wollmuth Maher & Deutsch LLP -Takeaways From The SEC Cybersecurity Examinatio...
Wollmuth Maher & Deutsch LLP -Takeaways From The SEC Cybersecurity Examinatio...Jason Glass, CFA, CISSP
 
Ci2 cyber insurance presentation
Ci2 cyber insurance presentationCi2 cyber insurance presentation
Ci2 cyber insurance presentationEthan S. Burger
 

Empfohlen

Complacency in the Face of Evolving Cybersecurity Norms is Hazardous
Complacency in the Face of Evolving Cybersecurity Norms is HazardousComplacency in the Face of Evolving Cybersecurity Norms is Hazardous
Complacency in the Face of Evolving Cybersecurity Norms is HazardousEthan S. Burger
 
employee-awareness-and-training-the-holy-grail-of-cybersecurity
employee-awareness-and-training-the-holy-grail-of-cybersecurityemployee-awareness-and-training-the-holy-grail-of-cybersecurity
employee-awareness-and-training-the-holy-grail-of-cybersecurityPaul Ferrillo
 
Cyber Liability Risk
Cyber Liability RiskCyber Liability Risk
Cyber Liability RiskChristopher Rieser
 
The Basics of Cyber Insurance
The Basics of Cyber InsuranceThe Basics of Cyber Insurance
The Basics of Cyber InsuranceHB Litigation Conferences
 
CYBER LIABILITY COVEREAGE | HB EMERGING COMPLEX CLAIMS
CYBER LIABILITY COVEREAGE | HB EMERGING COMPLEX CLAIMSCYBER LIABILITY COVEREAGE | HB EMERGING COMPLEX CLAIMS
CYBER LIABILITY COVEREAGE | HB EMERGING COMPLEX CLAIMSHB Litigation Conferences
 
11 pp-cybersecurity-revised2 a
11 pp-cybersecurity-revised2 a11 pp-cybersecurity-revised2 a
11 pp-cybersecurity-revised2 aIT Strategy Group
 
Wollmuth Maher & Deutsch LLP -Takeaways From The SEC Cybersecurity Examinatio...
Wollmuth Maher & Deutsch LLP -Takeaways From The SEC Cybersecurity Examinatio...Wollmuth Maher & Deutsch LLP -Takeaways From The SEC Cybersecurity Examinatio...
Wollmuth Maher & Deutsch LLP -Takeaways From The SEC Cybersecurity Examinatio...Jason Glass, CFA, CISSP
 
Ci2 cyber insurance presentation
Ci2 cyber insurance presentationCi2 cyber insurance presentation
Ci2 cyber insurance presentationEthan S. Burger
 
Chief Audit Execs speak out: Cybersecurity & risk management
Chief Audit Execs speak out: Cybersecurity & risk managementChief Audit Execs speak out: Cybersecurity & risk management
Chief Audit Execs speak out: Cybersecurity & risk managementGrant Thornton LLP
 
Cyber Insurance Temp
Cyber Insurance TempCyber Insurance Temp
Cyber Insurance TempRohan Sehgal
 
Data Breach White Paper
Data Breach White PaperData Breach White Paper
Data Breach White Paperspencerharry
 
BCC (2012): Federal Panel Identifying Future Government Needs
BCC (2012): Federal Panel Identifying Future Government NeedsBCC (2012): Federal Panel Identifying Future Government Needs
BCC (2012): Federal Panel Identifying Future Government NeedsDuane Blackburn
 
Cyber Insurance, A Novel of 2017, Q1. By Statewide Insurance
Cyber Insurance, A Novel of 2017, Q1. By Statewide InsuranceCyber Insurance, A Novel of 2017, Q1. By Statewide Insurance
Cyber Insurance, A Novel of 2017, Q1. By Statewide InsuranceStatewide Insurance Brokers
 
10 Reasons to buy Cyber Liability Insurance
10 Reasons to buy Cyber Liability Insurance 10 Reasons to buy Cyber Liability Insurance
10 Reasons to buy Cyber Liability Insurance Hubbard Insurance Group
 
All's Fair in Love and Cyber Warfare
All's Fair in Love and Cyber WarfareAll's Fair in Love and Cyber Warfare
All's Fair in Love and Cyber WarfareNationalUnderwriter
 
Cyber Insurance CLE
Cyber Insurance CLE Cyber Insurance CLE
Cyber Insurance CLE Sarah Stogner
 
Data Risks In A Digital Age
Data Risks In A Digital Age Data Risks In A Digital Age
Data Risks In A Digital Age padler01
 
CIOReview
CIOReviewCIOReview
CIOReviewTeri Cotton Santos, JD
 
BEA Presentation
BEA PresentationBEA Presentation
BEA PresentationGlenn E. Davis
 
Statewide Insurance Brokers - Cyber Insurance 101
Statewide Insurance Brokers - Cyber Insurance 101Statewide Insurance Brokers - Cyber Insurance 101
Statewide Insurance Brokers - Cyber Insurance 101Statewide Insurance Brokers
 
Law Firm Hacked by Cyber Criminals
Law Firm Hacked by Cyber Criminals Law Firm Hacked by Cyber Criminals
Law Firm Hacked by Cyber Criminals Richard Brzakala
 
GSA Seeks Industry Comments on How Best to Incorporate Cybersecurity into Fed...
GSA Seeks Industry Comments on How Best to Incorporate Cybersecurity into Fed...GSA Seeks Industry Comments on How Best to Incorporate Cybersecurity into Fed...
GSA Seeks Industry Comments on How Best to Incorporate Cybersecurity into Fed...Patton Boggs LLP
 
Data Breaches: The Cost of Being Unprepared
Data Breaches: The Cost of Being UnpreparedData Breaches: The Cost of Being Unprepared
Data Breaches: The Cost of Being Unpreparedhaynormania
 
July 2010 Cover Story
July 2010 Cover StoryJuly 2010 Cover Story
July 2010 Cover StoryPatrick Spencer
 
Primer on cybersecurity for boards of directors
Primer on cybersecurity for boards of directorsPrimer on cybersecurity for boards of directors
Primer on cybersecurity for boards of directorsDavid X Martin
 
Personally Identifiable Information Protection
Personally Identifiable Information ProtectionPersonally Identifiable Information Protection
Personally Identifiable Information ProtectionPECB
 
SOCIAL MEDIA RISKS | HB EMERGING COMPLEX CLAIMS
SOCIAL MEDIA RISKS | HB EMERGING COMPLEX CLAIMSSOCIAL MEDIA RISKS | HB EMERGING COMPLEX CLAIMS
SOCIAL MEDIA RISKS | HB EMERGING COMPLEX CLAIMSHB Litigation Conferences
 
Logikcull Webinar: Preventing the Next Panama Papers
Logikcull Webinar: Preventing the Next Panama PapersLogikcull Webinar: Preventing the Next Panama Papers
Logikcull Webinar: Preventing the Next Panama PapersLogikcull.com
 
cybersecurity-in-the-c-suite-a-matt
cybersecurity-in-the-c-suite-a-mattcybersecurity-in-the-c-suite-a-matt
cybersecurity-in-the-c-suite-a-mattYigal Behar
 
C-Suite Guide to Cybersecurity
C-Suite Guide to CybersecurityC-Suite Guide to Cybersecurity
C-Suite Guide to CybersecurityMICHAEL MOSHIRI
 

Weitere ähnliche Inhalte

Was ist angesagt?

Chief Audit Execs speak out: Cybersecurity & risk management
Chief Audit Execs speak out: Cybersecurity & risk managementChief Audit Execs speak out: Cybersecurity & risk management
Chief Audit Execs speak out: Cybersecurity & risk managementGrant Thornton LLP
 
Cyber Insurance Temp
Cyber Insurance TempCyber Insurance Temp
Cyber Insurance TempRohan Sehgal
 
Data Breach White Paper
Data Breach White PaperData Breach White Paper
Data Breach White Paperspencerharry
 
BCC (2012): Federal Panel Identifying Future Government Needs
BCC (2012): Federal Panel Identifying Future Government NeedsBCC (2012): Federal Panel Identifying Future Government Needs
BCC (2012): Federal Panel Identifying Future Government NeedsDuane Blackburn
 
Cyber Insurance, A Novel of 2017, Q1. By Statewide Insurance
Cyber Insurance, A Novel of 2017, Q1. By Statewide InsuranceCyber Insurance, A Novel of 2017, Q1. By Statewide Insurance
Cyber Insurance, A Novel of 2017, Q1. By Statewide InsuranceStatewide Insurance Brokers
 
10 Reasons to buy Cyber Liability Insurance
10 Reasons to buy Cyber Liability Insurance 10 Reasons to buy Cyber Liability Insurance
10 Reasons to buy Cyber Liability Insurance Hubbard Insurance Group
 
All's Fair in Love and Cyber Warfare
All's Fair in Love and Cyber WarfareAll's Fair in Love and Cyber Warfare
All's Fair in Love and Cyber WarfareNationalUnderwriter
 
Cyber Insurance CLE
Cyber Insurance CLE Cyber Insurance CLE
Cyber Insurance CLE Sarah Stogner
 
Data Risks In A Digital Age
Data Risks In A Digital Age Data Risks In A Digital Age
Data Risks In A Digital Age padler01
 
Statewide Insurance Brokers - Cyber Insurance 101
Statewide Insurance Brokers - Cyber Insurance 101Statewide Insurance Brokers - Cyber Insurance 101
Statewide Insurance Brokers - Cyber Insurance 101Statewide Insurance Brokers
 
Law Firm Hacked by Cyber Criminals
Law Firm Hacked by Cyber Criminals Law Firm Hacked by Cyber Criminals
Law Firm Hacked by Cyber Criminals Richard Brzakala
 
GSA Seeks Industry Comments on How Best to Incorporate Cybersecurity into Fed...
GSA Seeks Industry Comments on How Best to Incorporate Cybersecurity into Fed...GSA Seeks Industry Comments on How Best to Incorporate Cybersecurity into Fed...
GSA Seeks Industry Comments on How Best to Incorporate Cybersecurity into Fed...Patton Boggs LLP
 
Data Breaches: The Cost of Being Unprepared
Data Breaches: The Cost of Being UnpreparedData Breaches: The Cost of Being Unprepared
Data Breaches: The Cost of Being Unpreparedhaynormania
 
Primer on cybersecurity for boards of directors
Primer on cybersecurity for boards of directorsPrimer on cybersecurity for boards of directors
Primer on cybersecurity for boards of directorsDavid X Martin
 
Personally Identifiable Information Protection
Personally Identifiable Information ProtectionPersonally Identifiable Information Protection
Personally Identifiable Information ProtectionPECB
 
SOCIAL MEDIA RISKS | HB EMERGING COMPLEX CLAIMS
SOCIAL MEDIA RISKS | HB EMERGING COMPLEX CLAIMSSOCIAL MEDIA RISKS | HB EMERGING COMPLEX CLAIMS
SOCIAL MEDIA RISKS | HB EMERGING COMPLEX CLAIMSHB Litigation Conferences
 
Logikcull Webinar: Preventing the Next Panama Papers
Logikcull Webinar: Preventing the Next Panama PapersLogikcull Webinar: Preventing the Next Panama Papers
Logikcull Webinar: Preventing the Next Panama PapersLogikcull.com
 

Was ist angesagt? (20)

Chief Audit Execs speak out: Cybersecurity & risk management
Chief Audit Execs speak out: Cybersecurity & risk managementChief Audit Execs speak out: Cybersecurity & risk management
Chief Audit Execs speak out: Cybersecurity & risk management
 
Cyber Insurance Temp
Cyber Insurance TempCyber Insurance Temp
Cyber Insurance Temp
 
Data Breach White Paper
Data Breach White PaperData Breach White Paper
Data Breach White Paper
 
BCC (2012): Federal Panel Identifying Future Government Needs
BCC (2012): Federal Panel Identifying Future Government NeedsBCC (2012): Federal Panel Identifying Future Government Needs
BCC (2012): Federal Panel Identifying Future Government Needs
 
Cyber Insurance, A Novel of 2017, Q1. By Statewide Insurance
Cyber Insurance, A Novel of 2017, Q1. By Statewide InsuranceCyber Insurance, A Novel of 2017, Q1. By Statewide Insurance
Cyber Insurance, A Novel of 2017, Q1. By Statewide Insurance
 
10 Reasons to buy Cyber Liability Insurance
10 Reasons to buy Cyber Liability Insurance 10 Reasons to buy Cyber Liability Insurance
10 Reasons to buy Cyber Liability Insurance
 
All's Fair in Love and Cyber Warfare
All's Fair in Love and Cyber WarfareAll's Fair in Love and Cyber Warfare
All's Fair in Love and Cyber Warfare
 
Cyber Insurance CLE
Cyber Insurance CLE Cyber Insurance CLE
Cyber Insurance CLE
 
Data Risks In A Digital Age
Data Risks In A Digital Age Data Risks In A Digital Age
Data Risks In A Digital Age
 
CIOReview
CIOReviewCIOReview
CIOReview
 
BEA Presentation
BEA PresentationBEA Presentation
BEA Presentation
 
Statewide Insurance Brokers - Cyber Insurance 101
Statewide Insurance Brokers - Cyber Insurance 101Statewide Insurance Brokers - Cyber Insurance 101
Statewide Insurance Brokers - Cyber Insurance 101
 
Law Firm Hacked by Cyber Criminals
Law Firm Hacked by Cyber Criminals Law Firm Hacked by Cyber Criminals
Law Firm Hacked by Cyber Criminals
 
GSA Seeks Industry Comments on How Best to Incorporate Cybersecurity into Fed...
GSA Seeks Industry Comments on How Best to Incorporate Cybersecurity into Fed...GSA Seeks Industry Comments on How Best to Incorporate Cybersecurity into Fed...
GSA Seeks Industry Comments on How Best to Incorporate Cybersecurity into Fed...
 
Data Breaches: The Cost of Being Unprepared
Data Breaches: The Cost of Being UnpreparedData Breaches: The Cost of Being Unprepared
Data Breaches: The Cost of Being Unprepared
 
July 2010 Cover Story
July 2010 Cover StoryJuly 2010 Cover Story
July 2010 Cover Story
 
Primer on cybersecurity for boards of directors
Primer on cybersecurity for boards of directorsPrimer on cybersecurity for boards of directors
Primer on cybersecurity for boards of directors
 
Personally Identifiable Information Protection
Personally Identifiable Information ProtectionPersonally Identifiable Information Protection
Personally Identifiable Information Protection
 
SOCIAL MEDIA RISKS | HB EMERGING COMPLEX CLAIMS
SOCIAL MEDIA RISKS | HB EMERGING COMPLEX CLAIMSSOCIAL MEDIA RISKS | HB EMERGING COMPLEX CLAIMS
SOCIAL MEDIA RISKS | HB EMERGING COMPLEX CLAIMS
 
Logikcull Webinar: Preventing the Next Panama Papers
Logikcull Webinar: Preventing the Next Panama PapersLogikcull Webinar: Preventing the Next Panama Papers
Logikcull Webinar: Preventing the Next Panama Papers
 

Andere mochten auch

cybersecurity-in-the-c-suite-a-matt
cybersecurity-in-the-c-suite-a-mattcybersecurity-in-the-c-suite-a-matt
cybersecurity-in-the-c-suite-a-mattYigal Behar
 
C-Suite Guide to Cybersecurity
C-Suite Guide to CybersecurityC-Suite Guide to Cybersecurity
C-Suite Guide to CybersecurityMICHAEL MOSHIRI
 
New York DFS proposed cybersecurity regulations
New York DFS proposed cybersecurity regulationsNew York DFS proposed cybersecurity regulations
New York DFS proposed cybersecurity regulationsBrunswick Group
 
NYS DFS CyberSecurity Regulations
NYS DFS CyberSecurity RegulationsNYS DFS CyberSecurity Regulations
NYS DFS CyberSecurity RegulationsJon Bosco
 
Future of Cybersecurity 2016 - M.Rosenquist
Future of Cybersecurity 2016 - M.RosenquistFuture of Cybersecurity 2016 - M.Rosenquist
Future of Cybersecurity 2016 - M.RosenquistMatthew Rosenquist
 
How to Raise Cyber Risk Awareness and Management to the C-Suite
How to Raise Cyber Risk Awareness and Management to the C-SuiteHow to Raise Cyber Risk Awareness and Management to the C-Suite
How to Raise Cyber Risk Awareness and Management to the C-SuiteSurfWatch Labs
 
Securing the Cloud by Matthew Rosenquist 2016
Securing the Cloud by Matthew Rosenquist 2016Securing the Cloud by Matthew Rosenquist 2016
Securing the Cloud by Matthew Rosenquist 2016Matthew Rosenquist
 
CSE 2016 Future of Cyber Security by Matthew Rosenquist
CSE 2016 Future of Cyber Security by Matthew RosenquistCSE 2016 Future of Cyber Security by Matthew Rosenquist
CSE 2016 Future of Cyber Security by Matthew RosenquistMatthew Rosenquist
 
NIST Cybersecurity Framework Intro for ISACA Richmond Chapter
NIST Cybersecurity Framework Intro for ISACA Richmond ChapterNIST Cybersecurity Framework Intro for ISACA Richmond Chapter
NIST Cybersecurity Framework Intro for ISACA Richmond ChapterTuan Phan
 
Top 10 cybersecurity predictions for 2016 by Matthew Rosenquist
Top 10 cybersecurity predictions for 2016 by Matthew RosenquistTop 10 cybersecurity predictions for 2016 by Matthew Rosenquist
Top 10 cybersecurity predictions for 2016 by Matthew RosenquistMatthew Rosenquist
 
Cyber Security
Cyber SecurityCyber Security
Cyber SecurityNeha Gupta
 
Securing the C-Suite: Cybersecurity Perspectives from the Boardroom
Securing the C-Suite: Cybersecurity Perspectives from the BoardroomSecuring the C-Suite: Cybersecurity Perspectives from the Boardroom
Securing the C-Suite: Cybersecurity Perspectives from the BoardroomIBM Security
 
Introduction to NIST Cybersecurity Framework
Introduction to NIST Cybersecurity FrameworkIntroduction to NIST Cybersecurity Framework
Introduction to NIST Cybersecurity FrameworkTuan Phan
 
Cyber Security 2017 Challenges
Cyber Security 2017 ChallengesCyber Security 2017 Challenges
Cyber Security 2017 ChallengesLeandro Bennaton
 
How to Approach the NYDFS Proposed Cybersecurity Requirements
How to Approach the NYDFS Proposed Cybersecurity RequirementsHow to Approach the NYDFS Proposed Cybersecurity Requirements
How to Approach the NYDFS Proposed Cybersecurity RequirementsKyle Brown
 
Cyber crime ppt
Cyber crime pptCyber crime ppt
Cyber crime pptMOE515253
 

Andere mochten auch (17)

cybersecurity-in-the-c-suite-a-matt
cybersecurity-in-the-c-suite-a-mattcybersecurity-in-the-c-suite-a-matt
cybersecurity-in-the-c-suite-a-matt
 
C-Suite Guide to Cybersecurity
C-Suite Guide to CybersecurityC-Suite Guide to Cybersecurity
C-Suite Guide to Cybersecurity
 
Layers of Cyber Protection
Layers of Cyber ProtectionLayers of Cyber Protection
Layers of Cyber Protection
 
New York DFS proposed cybersecurity regulations
New York DFS proposed cybersecurity regulationsNew York DFS proposed cybersecurity regulations
New York DFS proposed cybersecurity regulations
 
NYS DFS CyberSecurity Regulations
NYS DFS CyberSecurity RegulationsNYS DFS CyberSecurity Regulations
NYS DFS CyberSecurity Regulations
 
Future of Cybersecurity 2016 - M.Rosenquist
Future of Cybersecurity 2016 - M.RosenquistFuture of Cybersecurity 2016 - M.Rosenquist
Future of Cybersecurity 2016 - M.Rosenquist
 
How to Raise Cyber Risk Awareness and Management to the C-Suite
How to Raise Cyber Risk Awareness and Management to the C-SuiteHow to Raise Cyber Risk Awareness and Management to the C-Suite
How to Raise Cyber Risk Awareness and Management to the C-Suite
 
Securing the Cloud by Matthew Rosenquist 2016
Securing the Cloud by Matthew Rosenquist 2016Securing the Cloud by Matthew Rosenquist 2016
Securing the Cloud by Matthew Rosenquist 2016
 
CSE 2016 Future of Cyber Security by Matthew Rosenquist
CSE 2016 Future of Cyber Security by Matthew RosenquistCSE 2016 Future of Cyber Security by Matthew Rosenquist
CSE 2016 Future of Cyber Security by Matthew Rosenquist
 
NIST Cybersecurity Framework Intro for ISACA Richmond Chapter
NIST Cybersecurity Framework Intro for ISACA Richmond ChapterNIST Cybersecurity Framework Intro for ISACA Richmond Chapter
NIST Cybersecurity Framework Intro for ISACA Richmond Chapter
 
Top 10 cybersecurity predictions for 2016 by Matthew Rosenquist
Top 10 cybersecurity predictions for 2016 by Matthew RosenquistTop 10 cybersecurity predictions for 2016 by Matthew Rosenquist
Top 10 cybersecurity predictions for 2016 by Matthew Rosenquist
 
Cyber Security
Cyber SecurityCyber Security
Cyber Security
 
Securing the C-Suite: Cybersecurity Perspectives from the Boardroom
Securing the C-Suite: Cybersecurity Perspectives from the BoardroomSecuring the C-Suite: Cybersecurity Perspectives from the Boardroom
Securing the C-Suite: Cybersecurity Perspectives from the Boardroom
 
Introduction to NIST Cybersecurity Framework
Introduction to NIST Cybersecurity FrameworkIntroduction to NIST Cybersecurity Framework
Introduction to NIST Cybersecurity Framework
 
Cyber Security 2017 Challenges
Cyber Security 2017 ChallengesCyber Security 2017 Challenges
Cyber Security 2017 Challenges
 
How to Approach the NYDFS Proposed Cybersecurity Requirements
How to Approach the NYDFS Proposed Cybersecurity RequirementsHow to Approach the NYDFS Proposed Cybersecurity Requirements
How to Approach the NYDFS Proposed Cybersecurity Requirements
 
Cyber crime ppt
Cyber crime pptCyber crime ppt
Cyber crime ppt
 

Ähnlich wie New York State Department of Financial Services Expands Its Cyber Focus to Insurers

Fdic ffiec cyber_security_assessments
Fdic ffiec cyber_security_assessmentsFdic ffiec cyber_security_assessments
Fdic ffiec cyber_security_assessmentsKen M. Shaurette
 
Maintain data privacy during software development
Maintain data privacy during software developmentMaintain data privacy during software development
Maintain data privacy during software developmentMuhammadArif823
 
CSR PII White Paper
CSR PII White PaperCSR PII White Paper
CSR PII White PaperDmcenter
 
Cloud security law cyber insurance issues phx 2015 06 19 v1
Cloud security law cyber insurance issues phx 2015 06 19 v1Cloud security law cyber insurance issues phx 2015 06 19 v1
Cloud security law cyber insurance issues phx 2015 06 19 v1Michael C. Keeling, Esq.
 
Cover and CyberSecurity Essay
Cover and CyberSecurity EssayCover and CyberSecurity Essay
Cover and CyberSecurity EssayMichael Solomon
 
Privacy Do's and Don'ts for Customer Service Representatives
Privacy Do's and Don'ts for Customer Service RepresentativesPrivacy Do's and Don'ts for Customer Service Representatives
Privacy Do's and Don'ts for Customer Service RepresentativesArt Hall
 
Cyber Critical Infrastructure Framework Panel
Cyber Critical Infrastructure Framework PanelCyber Critical Infrastructure Framework Panel
Cyber Critical Infrastructure Framework PanelPaul Di Gangi
 
Leadership: Legal Counsel's Role in Guiding Through Cybersecurity and Data Loss
Leadership: Legal Counsel's Role in Guiding Through Cybersecurity and Data LossLeadership: Legal Counsel's Role in Guiding Through Cybersecurity and Data Loss
Leadership: Legal Counsel's Role in Guiding Through Cybersecurity and Data LossShawn Tuma
 
Data Privacy Compliance (Series: Corporate & Regulatory Compliance Boot Camp)
Data Privacy Compliance (Series: Corporate & Regulatory Compliance Boot Camp)Data Privacy Compliance (Series: Corporate & Regulatory Compliance Boot Camp)
Data Privacy Compliance (Series: Corporate & Regulatory Compliance Boot Camp)Financial Poise
 
Module 02 Performance Risk-based Analytics With all the advancem
Module 02 Performance Risk-based Analytics With all the advancemModule 02 Performance Risk-based Analytics With all the advancem
Module 02 Performance Risk-based Analytics With all the advancemIlonaThornburg83
 
Data Breach White Paper
Data Breach White PaperData Breach White Paper
Data Breach White PaperTodd Ruback
 
Responding to a Data Breach, Communications Guidelines for Merchants
Responding to a Data Breach, Communications Guidelines for MerchantsResponding to a Data Breach, Communications Guidelines for Merchants
Responding to a Data Breach, Communications Guidelines for Merchants- Mark - Fullbright
 
Cybersecurity_Alert_Dec_16_2014
Cybersecurity_Alert_Dec_16_2014Cybersecurity_Alert_Dec_16_2014
Cybersecurity_Alert_Dec_16_2014Paul Ferrillo
 
The Most Wonderful Time of the Year for Health-IT...NOT
The Most Wonderful Time of the Year for Health-IT...NOTThe Most Wonderful Time of the Year for Health-IT...NOT
The Most Wonderful Time of the Year for Health-IT...NOTCompliancy Group
 
What is in store for e-discovery in 2015?
What is in store for e-discovery in 2015?What is in store for e-discovery in 2015?
What is in store for e-discovery in 2015?Logikcull.com
 
Cybersecurity crisis management a prep guide
Cybersecurity crisis management a prep guideCybersecurity crisis management a prep guide
Cybersecurity crisis management a prep guideJoAnna Cheshire
 
Introduction to US Privacy and Data Security: Regulations and Requirements
Introduction to US Privacy and Data Security: Regulations and RequirementsIntroduction to US Privacy and Data Security: Regulations and Requirements
Introduction to US Privacy and Data Security: Regulations and RequirementsFinancial Poise
 
Foley-Cybersecurity-White-Paper_3.9.15
Foley-Cybersecurity-White-Paper_3.9.15Foley-Cybersecurity-White-Paper_3.9.15
Foley-Cybersecurity-White-Paper_3.9.15James Fisher
 

Ähnlich wie New York State Department of Financial Services Expands Its Cyber Focus to Insurers (20)

Fdic ffiec cyber_security_assessments
Fdic ffiec cyber_security_assessmentsFdic ffiec cyber_security_assessments
Fdic ffiec cyber_security_assessments
 
Maintain data privacy during software development
Maintain data privacy during software developmentMaintain data privacy during software development
Maintain data privacy during software development
 
CSR PII White Paper
CSR PII White PaperCSR PII White Paper
CSR PII White Paper
 
Cloud security law cyber insurance issues phx 2015 06 19 v1
Cloud security law cyber insurance issues phx 2015 06 19 v1Cloud security law cyber insurance issues phx 2015 06 19 v1
Cloud security law cyber insurance issues phx 2015 06 19 v1
 
Cover and CyberSecurity Essay
Cover and CyberSecurity EssayCover and CyberSecurity Essay
Cover and CyberSecurity Essay
 
Protecting Donor Privacy
Protecting Donor PrivacyProtecting Donor Privacy
Protecting Donor Privacy
 
Privacy Do's and Don'ts for Customer Service Representatives
Privacy Do's and Don'ts for Customer Service RepresentativesPrivacy Do's and Don'ts for Customer Service Representatives
Privacy Do's and Don'ts for Customer Service Representatives
 
Cyber Critical Infrastructure Framework Panel
Cyber Critical Infrastructure Framework PanelCyber Critical Infrastructure Framework Panel
Cyber Critical Infrastructure Framework Panel
 
Leadership: Legal Counsel's Role in Guiding Through Cybersecurity and Data Loss
Leadership: Legal Counsel's Role in Guiding Through Cybersecurity and Data LossLeadership: Legal Counsel's Role in Guiding Through Cybersecurity and Data Loss
Leadership: Legal Counsel's Role in Guiding Through Cybersecurity and Data Loss
 
Data Privacy Compliance (Series: Corporate & Regulatory Compliance Boot Camp)
Data Privacy Compliance (Series: Corporate & Regulatory Compliance Boot Camp)Data Privacy Compliance (Series: Corporate & Regulatory Compliance Boot Camp)
Data Privacy Compliance (Series: Corporate & Regulatory Compliance Boot Camp)
 
Module 02 Performance Risk-based Analytics With all the advancem
Module 02 Performance Risk-based Analytics With all the advancemModule 02 Performance Risk-based Analytics With all the advancem
Module 02 Performance Risk-based Analytics With all the advancem
 
Data Privacy Compliance
Data Privacy ComplianceData Privacy Compliance
Data Privacy Compliance
 
Data Breach White Paper
Data Breach White PaperData Breach White Paper
Data Breach White Paper
 
Responding to a Data Breach, Communications Guidelines for Merchants
Responding to a Data Breach, Communications Guidelines for MerchantsResponding to a Data Breach, Communications Guidelines for Merchants
Responding to a Data Breach, Communications Guidelines for Merchants
 
Cybersecurity_Alert_Dec_16_2014
Cybersecurity_Alert_Dec_16_2014Cybersecurity_Alert_Dec_16_2014
Cybersecurity_Alert_Dec_16_2014
 
The Most Wonderful Time of the Year for Health-IT...NOT
The Most Wonderful Time of the Year for Health-IT...NOTThe Most Wonderful Time of the Year for Health-IT...NOT
The Most Wonderful Time of the Year for Health-IT...NOT
 
What is in store for e-discovery in 2015?
What is in store for e-discovery in 2015?What is in store for e-discovery in 2015?
What is in store for e-discovery in 2015?
 
Cybersecurity crisis management a prep guide
Cybersecurity crisis management a prep guideCybersecurity crisis management a prep guide
Cybersecurity crisis management a prep guide
 
Introduction to US Privacy and Data Security: Regulations and Requirements
Introduction to US Privacy and Data Security: Regulations and RequirementsIntroduction to US Privacy and Data Security: Regulations and Requirements
Introduction to US Privacy and Data Security: Regulations and Requirements
 
Foley-Cybersecurity-White-Paper_3.9.15
Foley-Cybersecurity-White-Paper_3.9.15Foley-Cybersecurity-White-Paper_3.9.15
Foley-Cybersecurity-White-Paper_3.9.15
 

Mehr von NationalUnderwriter

Excess and Surplus Lines Law: A 3-State Sample of a Complete State-by-State C...
Excess and Surplus Lines Law: A 3-State Sample of a Complete State-by-State C...Excess and Surplus Lines Law: A 3-State Sample of a Complete State-by-State C...
Excess and Surplus Lines Law: A 3-State Sample of a Complete State-by-State C...NationalUnderwriter
 
How to Successfully Navigate the Latest Changes to the Affordable Care Act
How to Successfully Navigate the Latest Changes to the Affordable Care ActHow to Successfully Navigate the Latest Changes to the Affordable Care Act
How to Successfully Navigate the Latest Changes to the Affordable Care ActNationalUnderwriter
 
Finding in Favor of Insurer, Jury Rejects Homeowners¹ Bid for $600,000 for Wa...
Finding in Favor of Insurer, Jury Rejects Homeowners¹ Bid for $600,000 for Wa...Finding in Favor of Insurer, Jury Rejects Homeowners¹ Bid for $600,000 for Wa...
Finding in Favor of Insurer, Jury Rejects Homeowners¹ Bid for $600,000 for Wa...NationalUnderwriter
 
The EU Solvency II Regime for Insurers: An Update on Implementation
The EU Solvency II Regime for Insurers: An Update on ImplementationThe EU Solvency II Regime for Insurers: An Update on Implementation
The EU Solvency II Regime for Insurers: An Update on ImplementationNationalUnderwriter
 
CFTC Grants No Action Relief to Commodity Pool Operators with Respect to Cert...
CFTC Grants No Action Relief to Commodity Pool Operators with Respect to Cert...CFTC Grants No Action Relief to Commodity Pool Operators with Respect to Cert...
CFTC Grants No Action Relief to Commodity Pool Operators with Respect to Cert...NationalUnderwriter
 
Arbitration in Insurance Coverage Disputes: Pluses and Minuses
Arbitration in Insurance Coverage Disputes: Pluses and MinusesArbitration in Insurance Coverage Disputes: Pluses and Minuses
Arbitration in Insurance Coverage Disputes: Pluses and MinusesNationalUnderwriter
 
Supreme Court of Texas Marries Contractual Limitations to Insurance Policies
Supreme Court of Texas Marries Contractual Limitations to Insurance PoliciesSupreme Court of Texas Marries Contractual Limitations to Insurance Policies
Supreme Court of Texas Marries Contractual Limitations to Insurance PoliciesNationalUnderwriter
 
Supreme Court of New Jersey Confirms "Fairly Debatable" Standard for First Pa...
Supreme Court of New Jersey Confirms "Fairly Debatable" Standard for First Pa...Supreme Court of New Jersey Confirms "Fairly Debatable" Standard for First Pa...
Supreme Court of New Jersey Confirms "Fairly Debatable" Standard for First Pa...NationalUnderwriter
 
Pennsylvania Supreme Court Holds Policyholders May Assign Their Statutory Rig...
Pennsylvania Supreme Court Holds Policyholders May Assign Their Statutory Rig...Pennsylvania Supreme Court Holds Policyholders May Assign Their Statutory Rig...
Pennsylvania Supreme Court Holds Policyholders May Assign Their Statutory Rig...NationalUnderwriter
 
Migrating Sand Triggers Separate Policy Limits for CGL Policy¹s Personal Inju...
Migrating Sand Triggers Separate Policy Limits for CGL Policy¹s Personal Inju...Migrating Sand Triggers Separate Policy Limits for CGL Policy¹s Personal Inju...
Migrating Sand Triggers Separate Policy Limits for CGL Policy¹s Personal Inju...NationalUnderwriter
 
Cyber Security and Insurance Coverage Protection: The Perfect Time for an Audit
Cyber Security and Insurance Coverage Protection: The Perfect Time for an AuditCyber Security and Insurance Coverage Protection: The Perfect Time for an Audit
Cyber Security and Insurance Coverage Protection: The Perfect Time for an AuditNationalUnderwriter
 
Class Actions: Insurance Related Claims
Class Actions: Insurance Related ClaimsClass Actions: Insurance Related Claims
Class Actions: Insurance Related ClaimsNationalUnderwriter
 
Clarifying Bad Faith Jurisprudence in Virginia, Federal Court Recognizes Bad ...
Clarifying Bad Faith Jurisprudence in Virginia, Federal Court Recognizes Bad ...Clarifying Bad Faith Jurisprudence in Virginia, Federal Court Recognizes Bad ...
Clarifying Bad Faith Jurisprudence in Virginia, Federal Court Recognizes Bad ...NationalUnderwriter
 
CFTC Grants No-Action Relief to Commodity Pool Operators with Respect to Cert...
CFTC Grants No-Action Relief to Commodity Pool Operators with Respect to Cert...CFTC Grants No-Action Relief to Commodity Pool Operators with Respect to Cert...
CFTC Grants No-Action Relief to Commodity Pool Operators with Respect to Cert...NationalUnderwriter
 
N.J. Trial Court Applies "Named Storm" Deductible in Superstorm Sandy Case
N.J. Trial Court Applies "Named Storm" Deductible in Superstorm Sandy CaseN.J. Trial Court Applies "Named Storm" Deductible in Superstorm Sandy Case
N.J. Trial Court Applies "Named Storm" Deductible in Superstorm Sandy CaseNationalUnderwriter
 
Clarifying Bad Faith Jurisprudence in Virginia, Federal Court Recognizes Bad-...
Clarifying Bad Faith Jurisprudence in Virginia, Federal Court Recognizes Bad-...Clarifying Bad Faith Jurisprudence in Virginia, Federal Court Recognizes Bad-...
Clarifying Bad Faith Jurisprudence in Virginia, Federal Court Recognizes Bad-...NationalUnderwriter
 
Wisconsin Supreme Court: Pollution Exclusion Bars Coverage for Well Contamin...
Wisconsin Supreme Court: Pollution Exclusion Bars Coverage for Well Contamin...Wisconsin Supreme Court: Pollution Exclusion Bars Coverage for Well Contamin...
Wisconsin Supreme Court: Pollution Exclusion Bars Coverage for Well Contamin...NationalUnderwriter
 
New York High Court Finds Lead Exposure Injuries to Children of Different Fam...
New York High Court Finds Lead Exposure Injuries to Children of Different Fam...New York High Court Finds Lead Exposure Injuries to Children of Different Fam...
New York High Court Finds Lead Exposure Injuries to Children of Different Fam...NationalUnderwriter
 
February14 IRS Valentine’s Day Words of Wisdom by Jay Katz
February14 IRS Valentine’s Day Words of Wisdom by Jay KatzFebruary14 IRS Valentine’s Day Words of Wisdom by Jay Katz
February14 IRS Valentine’s Day Words of Wisdom by Jay KatzNationalUnderwriter
 
Discharge of Debt Income (from The Tools & Techniques of Income Tax Planning)
Discharge of Debt Income (from The Tools & Techniques of Income Tax Planning)Discharge of Debt Income (from The Tools & Techniques of Income Tax Planning)
Discharge of Debt Income (from The Tools & Techniques of Income Tax Planning)NationalUnderwriter
 

Mehr von NationalUnderwriter (20)

Excess and Surplus Lines Law: A 3-State Sample of a Complete State-by-State C...
Excess and Surplus Lines Law: A 3-State Sample of a Complete State-by-State C...Excess and Surplus Lines Law: A 3-State Sample of a Complete State-by-State C...
Excess and Surplus Lines Law: A 3-State Sample of a Complete State-by-State C...
 
How to Successfully Navigate the Latest Changes to the Affordable Care Act
How to Successfully Navigate the Latest Changes to the Affordable Care ActHow to Successfully Navigate the Latest Changes to the Affordable Care Act
How to Successfully Navigate the Latest Changes to the Affordable Care Act
 
Finding in Favor of Insurer, Jury Rejects Homeowners¹ Bid for $600,000 for Wa...
Finding in Favor of Insurer, Jury Rejects Homeowners¹ Bid for $600,000 for Wa...Finding in Favor of Insurer, Jury Rejects Homeowners¹ Bid for $600,000 for Wa...
Finding in Favor of Insurer, Jury Rejects Homeowners¹ Bid for $600,000 for Wa...
 
The EU Solvency II Regime for Insurers: An Update on Implementation
The EU Solvency II Regime for Insurers: An Update on ImplementationThe EU Solvency II Regime for Insurers: An Update on Implementation
The EU Solvency II Regime for Insurers: An Update on Implementation
 
CFTC Grants No Action Relief to Commodity Pool Operators with Respect to Cert...
CFTC Grants No Action Relief to Commodity Pool Operators with Respect to Cert...CFTC Grants No Action Relief to Commodity Pool Operators with Respect to Cert...
CFTC Grants No Action Relief to Commodity Pool Operators with Respect to Cert...
 
Arbitration in Insurance Coverage Disputes: Pluses and Minuses
Arbitration in Insurance Coverage Disputes: Pluses and MinusesArbitration in Insurance Coverage Disputes: Pluses and Minuses
Arbitration in Insurance Coverage Disputes: Pluses and Minuses
 
Supreme Court of Texas Marries Contractual Limitations to Insurance Policies
Supreme Court of Texas Marries Contractual Limitations to Insurance PoliciesSupreme Court of Texas Marries Contractual Limitations to Insurance Policies
Supreme Court of Texas Marries Contractual Limitations to Insurance Policies
 
Supreme Court of New Jersey Confirms "Fairly Debatable" Standard for First Pa...
Supreme Court of New Jersey Confirms "Fairly Debatable" Standard for First Pa...Supreme Court of New Jersey Confirms "Fairly Debatable" Standard for First Pa...
Supreme Court of New Jersey Confirms "Fairly Debatable" Standard for First Pa...
 
Pennsylvania Supreme Court Holds Policyholders May Assign Their Statutory Rig...
Pennsylvania Supreme Court Holds Policyholders May Assign Their Statutory Rig...Pennsylvania Supreme Court Holds Policyholders May Assign Their Statutory Rig...
Pennsylvania Supreme Court Holds Policyholders May Assign Their Statutory Rig...
 
Migrating Sand Triggers Separate Policy Limits for CGL Policy¹s Personal Inju...
Migrating Sand Triggers Separate Policy Limits for CGL Policy¹s Personal Inju...Migrating Sand Triggers Separate Policy Limits for CGL Policy¹s Personal Inju...
Migrating Sand Triggers Separate Policy Limits for CGL Policy¹s Personal Inju...
 
Cyber Security and Insurance Coverage Protection: The Perfect Time for an Audit
Cyber Security and Insurance Coverage Protection: The Perfect Time for an AuditCyber Security and Insurance Coverage Protection: The Perfect Time for an Audit
Cyber Security and Insurance Coverage Protection: The Perfect Time for an Audit
 
Class Actions: Insurance Related Claims
Class Actions: Insurance Related ClaimsClass Actions: Insurance Related Claims
Class Actions: Insurance Related Claims
 
Clarifying Bad Faith Jurisprudence in Virginia, Federal Court Recognizes Bad ...
Clarifying Bad Faith Jurisprudence in Virginia, Federal Court Recognizes Bad ...Clarifying Bad Faith Jurisprudence in Virginia, Federal Court Recognizes Bad ...
Clarifying Bad Faith Jurisprudence in Virginia, Federal Court Recognizes Bad ...
 
CFTC Grants No-Action Relief to Commodity Pool Operators with Respect to Cert...
CFTC Grants No-Action Relief to Commodity Pool Operators with Respect to Cert...CFTC Grants No-Action Relief to Commodity Pool Operators with Respect to Cert...
CFTC Grants No-Action Relief to Commodity Pool Operators with Respect to Cert...
 
N.J. Trial Court Applies "Named Storm" Deductible in Superstorm Sandy Case
N.J. Trial Court Applies "Named Storm" Deductible in Superstorm Sandy CaseN.J. Trial Court Applies "Named Storm" Deductible in Superstorm Sandy Case
N.J. Trial Court Applies "Named Storm" Deductible in Superstorm Sandy Case
 
Clarifying Bad Faith Jurisprudence in Virginia, Federal Court Recognizes Bad-...
Clarifying Bad Faith Jurisprudence in Virginia, Federal Court Recognizes Bad-...Clarifying Bad Faith Jurisprudence in Virginia, Federal Court Recognizes Bad-...
Clarifying Bad Faith Jurisprudence in Virginia, Federal Court Recognizes Bad-...
 
Wisconsin Supreme Court: Pollution Exclusion Bars Coverage for Well Contamin...
Wisconsin Supreme Court: Pollution Exclusion Bars Coverage for Well Contamin...Wisconsin Supreme Court: Pollution Exclusion Bars Coverage for Well Contamin...
Wisconsin Supreme Court: Pollution Exclusion Bars Coverage for Well Contamin...
 
New York High Court Finds Lead Exposure Injuries to Children of Different Fam...
New York High Court Finds Lead Exposure Injuries to Children of Different Fam...New York High Court Finds Lead Exposure Injuries to Children of Different Fam...
New York High Court Finds Lead Exposure Injuries to Children of Different Fam...
 
February14 IRS Valentine’s Day Words of Wisdom by Jay Katz
February14 IRS Valentine’s Day Words of Wisdom by Jay KatzFebruary14 IRS Valentine’s Day Words of Wisdom by Jay Katz
February14 IRS Valentine’s Day Words of Wisdom by Jay Katz
 
Discharge of Debt Income (from The Tools & Techniques of Income Tax Planning)
Discharge of Debt Income (from The Tools & Techniques of Income Tax Planning)Discharge of Debt Income (from The Tools & Techniques of Income Tax Planning)
Discharge of Debt Income (from The Tools & Techniques of Income Tax Planning)
 

Kürzlich hochgeladen

Town of Haverhill's Motion for Summary Judgment on DTC Counterclaims
Town of Haverhill's Motion for Summary Judgment on DTC CounterclaimsTown of Haverhill's Motion for Summary Judgment on DTC Counterclaims
Town of Haverhill's Motion for Summary Judgment on DTC CounterclaimsRich Bergeron
 
PPT Template - Federal Law Enforcement Training Center
PPT Template - Federal Law Enforcement Training CenterPPT Template - Federal Law Enforcement Training Center
PPT Template - Federal Law Enforcement Training Centerejlfernandez22
 
Hungarian legislation made by Robert Miklos
Hungarian legislation made by Robert MiklosHungarian legislation made by Robert Miklos
Hungarian legislation made by Robert Miklosbeduinpower135
 
RA. 7432 and RA 9994 Senior Citizen .pptx
RA. 7432 and RA 9994 Senior Citizen .pptxRA. 7432 and RA 9994 Senior Citizen .pptx
RA. 7432 and RA 9994 Senior Citizen .pptxJFSB1
 
Understanding Cyber Crime Litigation: Key Concepts and Legal Frameworks
Understanding Cyber Crime Litigation: Key Concepts and Legal FrameworksUnderstanding Cyber Crime Litigation: Key Concepts and Legal Frameworks
Understanding Cyber Crime Litigation: Key Concepts and Legal FrameworksFinlaw Associates
 
The Punjab Land Reforms AcT 1972 HIRDEBIR.pptx
The Punjab Land Reforms AcT 1972 HIRDEBIR.pptxThe Punjab Land Reforms AcT 1972 HIRDEBIR.pptx
The Punjab Land Reforms AcT 1972 HIRDEBIR.pptxgurcharnsinghlecengl
 
Town of Haverhill's Summary Judgment Motion for Declaratory Judgment Case
Town of Haverhill's Summary Judgment Motion for Declaratory Judgment CaseTown of Haverhill's Summary Judgment Motion for Declaratory Judgment Case
Town of Haverhill's Summary Judgment Motion for Declaratory Judgment CaseRich Bergeron
 
Right to life and personal liberty under article 21
Right to life and personal liberty under article 21Right to life and personal liberty under article 21
Right to life and personal liberty under article 21vasanthakumarsk17
 
Labour legislations in India and its history
Labour legislations in India and its historyLabour legislations in India and its history
Labour legislations in India and its historyprasannamurthy6
 
Town of Haverhill's Statement of Material Facts For Declaratory Judgment Moti...
Town of Haverhill's Statement of Material Facts For Declaratory Judgment Moti...Town of Haverhill's Statement of Material Facts For Declaratory Judgment Moti...
Town of Haverhill's Statement of Material Facts For Declaratory Judgment Moti...Rich Bergeron
 
Analysis on Law of Domicile under Private International laws.
Analysis on Law of Domicile under Private International laws.Analysis on Law of Domicile under Private International laws.
Analysis on Law of Domicile under Private International laws.2020000445musaib
 
Town of Haverhill's Statement of Facts for Summary Judgment on Counterclaims ...
Town of Haverhill's Statement of Facts for Summary Judgment on Counterclaims ...Town of Haverhill's Statement of Facts for Summary Judgment on Counterclaims ...
Town of Haverhill's Statement of Facts for Summary Judgment on Counterclaims ...Rich Bergeron
 
Are There Any Alternatives To Jail Time For Sex Crime Convictions in Los Angeles
Are There Any Alternatives To Jail Time For Sex Crime Convictions in Los AngelesAre There Any Alternatives To Jail Time For Sex Crime Convictions in Los Angeles
Are There Any Alternatives To Jail Time For Sex Crime Convictions in Los AngelesChesley Lawyer
 
Wurz Financial - Wealth Counsel to Law Firm Owners Services Guide.pdf
Wurz Financial - Wealth Counsel to Law Firm Owners Services Guide.pdfWurz Financial - Wealth Counsel to Law Firm Owners Services Guide.pdf
Wurz Financial - Wealth Counsel to Law Firm Owners Services Guide.pdfssuser3e15612
 
Choosing the Right Business Structure for Your Small Business in Texas
Choosing the Right Business Structure for Your Small Business in TexasChoosing the Right Business Structure for Your Small Business in Texas
Choosing the Right Business Structure for Your Small Business in TexasBrandy Austin
 
Illinois Department Of Corrections reentry guide
Illinois Department Of Corrections reentry guideIllinois Department Of Corrections reentry guide
Illinois Department Of Corrections reentry guideillinoisworknet11
 
citizenship in the Philippines as to the laws applicable
citizenship in the Philippines as to the laws applicablecitizenship in the Philippines as to the laws applicable
citizenship in the Philippines as to the laws applicableSaraSantiago44
 
1990-2004 Bar Questions and Answers in Sales
1990-2004 Bar Questions and Answers in Sales1990-2004 Bar Questions and Answers in Sales
1990-2004 Bar Questions and Answers in SalesMelvinPernez2
 
THE INDIAN CONTRACT ACT 1872 NOTES FOR STUDENTS
THE INDIAN CONTRACT ACT 1872 NOTES FOR STUDENTSTHE INDIAN CONTRACT ACT 1872 NOTES FOR STUDENTS
THE INDIAN CONTRACT ACT 1872 NOTES FOR STUDENTSRoshniSingh312153
 
Sarvesh Raj IPS - A Journey of Dedication and Leadership.pptx
Sarvesh Raj IPS - A Journey of Dedication and Leadership.pptxSarvesh Raj IPS - A Journey of Dedication and Leadership.pptx
Sarvesh Raj IPS - A Journey of Dedication and Leadership.pptxAnto Jebin
 

Kürzlich hochgeladen (20)

Town of Haverhill's Motion for Summary Judgment on DTC Counterclaims
Town of Haverhill's Motion for Summary Judgment on DTC CounterclaimsTown of Haverhill's Motion for Summary Judgment on DTC Counterclaims
Town of Haverhill's Motion for Summary Judgment on DTC Counterclaims
 
PPT Template - Federal Law Enforcement Training Center
PPT Template - Federal Law Enforcement Training CenterPPT Template - Federal Law Enforcement Training Center
PPT Template - Federal Law Enforcement Training Center
 
Hungarian legislation made by Robert Miklos
Hungarian legislation made by Robert MiklosHungarian legislation made by Robert Miklos
Hungarian legislation made by Robert Miklos
 
RA. 7432 and RA 9994 Senior Citizen .pptx
RA. 7432 and RA 9994 Senior Citizen .pptxRA. 7432 and RA 9994 Senior Citizen .pptx
RA. 7432 and RA 9994 Senior Citizen .pptx
 
Understanding Cyber Crime Litigation: Key Concepts and Legal Frameworks
Understanding Cyber Crime Litigation: Key Concepts and Legal FrameworksUnderstanding Cyber Crime Litigation: Key Concepts and Legal Frameworks
Understanding Cyber Crime Litigation: Key Concepts and Legal Frameworks
 
The Punjab Land Reforms AcT 1972 HIRDEBIR.pptx
The Punjab Land Reforms AcT 1972 HIRDEBIR.pptxThe Punjab Land Reforms AcT 1972 HIRDEBIR.pptx
The Punjab Land Reforms AcT 1972 HIRDEBIR.pptx
 
Town of Haverhill's Summary Judgment Motion for Declaratory Judgment Case
Town of Haverhill's Summary Judgment Motion for Declaratory Judgment CaseTown of Haverhill's Summary Judgment Motion for Declaratory Judgment Case
Town of Haverhill's Summary Judgment Motion for Declaratory Judgment Case
 
Right to life and personal liberty under article 21
Right to life and personal liberty under article 21Right to life and personal liberty under article 21
Right to life and personal liberty under article 21
 
Labour legislations in India and its history
Labour legislations in India and its historyLabour legislations in India and its history
Labour legislations in India and its history
 
Town of Haverhill's Statement of Material Facts For Declaratory Judgment Moti...
Town of Haverhill's Statement of Material Facts For Declaratory Judgment Moti...Town of Haverhill's Statement of Material Facts For Declaratory Judgment Moti...
Town of Haverhill's Statement of Material Facts For Declaratory Judgment Moti...
 
Analysis on Law of Domicile under Private International laws.
Analysis on Law of Domicile under Private International laws.Analysis on Law of Domicile under Private International laws.
Analysis on Law of Domicile under Private International laws.
 
Town of Haverhill's Statement of Facts for Summary Judgment on Counterclaims ...
Town of Haverhill's Statement of Facts for Summary Judgment on Counterclaims ...Town of Haverhill's Statement of Facts for Summary Judgment on Counterclaims ...
Town of Haverhill's Statement of Facts for Summary Judgment on Counterclaims ...
 
Are There Any Alternatives To Jail Time For Sex Crime Convictions in Los Angeles
Are There Any Alternatives To Jail Time For Sex Crime Convictions in Los AngelesAre There Any Alternatives To Jail Time For Sex Crime Convictions in Los Angeles
Are There Any Alternatives To Jail Time For Sex Crime Convictions in Los Angeles
 
Wurz Financial - Wealth Counsel to Law Firm Owners Services Guide.pdf
Wurz Financial - Wealth Counsel to Law Firm Owners Services Guide.pdfWurz Financial - Wealth Counsel to Law Firm Owners Services Guide.pdf
Wurz Financial - Wealth Counsel to Law Firm Owners Services Guide.pdf
 
Choosing the Right Business Structure for Your Small Business in Texas
Choosing the Right Business Structure for Your Small Business in TexasChoosing the Right Business Structure for Your Small Business in Texas
Choosing the Right Business Structure for Your Small Business in Texas
 
Illinois Department Of Corrections reentry guide
Illinois Department Of Corrections reentry guideIllinois Department Of Corrections reentry guide
Illinois Department Of Corrections reentry guide
 
citizenship in the Philippines as to the laws applicable
citizenship in the Philippines as to the laws applicablecitizenship in the Philippines as to the laws applicable
citizenship in the Philippines as to the laws applicable
 
1990-2004 Bar Questions and Answers in Sales
1990-2004 Bar Questions and Answers in Sales1990-2004 Bar Questions and Answers in Sales
1990-2004 Bar Questions and Answers in Sales
 
THE INDIAN CONTRACT ACT 1872 NOTES FOR STUDENTS
THE INDIAN CONTRACT ACT 1872 NOTES FOR STUDENTSTHE INDIAN CONTRACT ACT 1872 NOTES FOR STUDENTS
THE INDIAN CONTRACT ACT 1872 NOTES FOR STUDENTS
 
Sarvesh Raj IPS - A Journey of Dedication and Leadership.pptx
Sarvesh Raj IPS - A Journey of Dedication and Leadership.pptxSarvesh Raj IPS - A Journey of Dedication and Leadership.pptx
Sarvesh Raj IPS - A Journey of Dedication and Leadership.pptx
 

New York State Department of Financial Services Expands Its Cyber Focus to Insurers

  • 1. The Insurance Coverage Law Information Center The following article is from National Underwriter’s latest online resource, FC&S Legal: The Insurance Coverage Law Information Center. NEW YORK STATE DEPARTMENT OF FINANCIAL SERVICES EXPANDS ITS CYBER FOCUS TO INSURERS Eric R. Dinallo, Jeremy Feigelson, David A. O’Neil, Jim Pastore, and Jordan R. Friedland April 23, 2015 The New York State Department of Financial Services (“DFS”) recently announced a major expansion of its cybersecurity efforts: DFS will require insurers to respond to a special “comprehensive risk assessment” on cybersecurity, with those assessments to be followed by an enhanced focus on cybersecurity as part of DFS’s regular examinations of insurers. DFS’s announcement expands to insurance the increasingly rigorous approach it has recently applied to banks in the area of cybersecurity. More importantly, it offers critical guidance to all industries about what regulators will consider adequate precautions and preparation in this area. The DFS Letter The DFS action took the form of a so-called “308 letter” from Benjamin Lawsky, the DFS Superintendent, to CEOs, general counsels and CIOs of insurers. Section 308 of the New York Insurance Law gives DFS broad information-gathering powers. This 308 letter spells out the details of the one-time comprehensive risk assessment in the form of a detailed written questionnaire that must be answered by April 27. Insurers will have to answer questions about a broad range of cybersecurity issues – many of which mirror those that DFS required banks to answer in December 2014 – including: - Corporate governance of cybersecurity, including the curriculum vitae and job description of the Chief Information Security Officer or other senior person responsible for cybersecurity; - Policies and procedures designed to further the goals of confidentiality, integrity and availability of data, including the integration of data classification (a/k/a the sorting of data according to its sensitivity and risk level) into such policies and procedures; - Various highly specific security topics, such as the use of multi-factor authentication, patch management, penetration testing and vendor management. (N.B.: It is a matter of public record that criminals’ abuse of credentials issued to third-party vendors has been implicated in a number of recent, high-profile hacks.); - Steps taken to adhere to the Framework for Improving Critical Infrastructure Cybersecurity issued by the National Institute of Standards and Technology (“NIST”) on February 12, 2014 concerning third-party stakeholders; - Policies and procedures governing relationships with third-party service providers that address information security risks; - Protections used to safeguard sensitive data that is sent to, received from or accessible to third-party service providers, such as encryption or multi-factor authentication; - Protections against loss or damage incurred as a result of an information security failure by a third-party service provider; - Incident detection and response processes, including real-time monitoring and the institution’s written incident response plan; Call 1-800-543-0874 | Email customerservice@SummitProNets.com | www.fcandslegal.com
  • 2. - Cyber insurance coverage; and - Periodic reevaluation of policies and procedures in light of changing risks. In the 308 letter, DFS notes its expectation that companies will make efforts to obtain any information necessary to respond to the questionnaire from parent or affiliate companies, and imposes upon parent companies the obligation to obtain such information from subsidiaries. Implications for Insurers and Other Companies DFS has not promulgated specific cybersecurity standards, but it is strongly suggesting what it considers best practices by the questions it asks. We have previously called that “regulation by implication” – the questions themselves imply answers that the agency is likely to prefer. Strong substantive answers on the enumerated topics, clearly presented, can be expected to generate clean examination reports. Answers that DFS considers highly unsatisfactory, in contrast, could prompt DFS to pursue civil enforcement measures. Take multi-factor authentication as an example. For the uninitiated, this is the practice of requiring more than a single username/password combination to access a computer system – for instance, use of a one-time code received via a token or text message in addition to a password is a common form of multi-factor authentication. No state or federal law expressly dictates the use of multi-factor authentication, but by asking companies to describe their practices in this area, DFS is clearly signaling that, going forward, it hopes to see companies adopt policies and procedures favoring multi-factor authentication. That is consistent with Superintendent Lawsky’s comments, in a February 25 speech, that DFS was considering promulgating regulations mandating the use of multi-factor authentication because, according to Superintendent Lawsky, single-factor authentication “should have been dead and buried many years ago,” and “it is time that we bury it now.” Another example is the new requirement (not previously applied by DFS to banks) for institutions to describe steps they have taken to adhere to the Cybersecurity Framework promulgated by NIST. The NIST Framework does not have the force of law, though DFS’s reliance on it is yet another indication that the standard is increasingly seen as the emerging gold standard of cybersecurity benchmarks. Simply by asking about the NIST Framework, DFS nudges it toward preferred legal status. That being said, nothing in DFS’s guidance suggests that alternative benchmarking tools like ISO or SANS are inadequate or flawed. This approach of regulation-by-inquiry is reflected throughout the DFS guidance: Simply by asking pointed questions – about vendor management, patch management, the use of written incident response plans and so on – DFS is dropping strong hints as to what it will consider “right” answers in the context of the examinations it will conduct in 2015. Conclusion Although the most recent DFS guidance specifically applies only to the insurers it regulates, management and boards throughout corporate America would do well to study both this guidance and the guidance issued to banks in December 2014. Companies that suffer cybersecurity incidents increasingly are facing pressure to defend themselves – whether in private litigation or in regulatory enforcement actions. Companies in all industries thus may find the DFS “308 letter” a useful checklist for assessing their own cybersecurity posture. About The Authors Eric R. Dinallo and Jeremy Feigelson are partners, and Jim Pastore is counsel in the New York office of Debevoise Plimpton LLP. David A. O’Neil is partner and Jordan R. Friedland is an associate in the Washington, D.C., office. The authors may be contacted at edinallo@debevoise.com, jfeigels@debevoise.com, jjpastor@debevoise.com, daoneil@debevoise.com, and jrfriedl@debevoise.com, respectively. Call 1-800-543-0874 | Email customerservice@SummitProNets.com | www.fcandslegal.com
  • 3. Call 1-800-543-0874 | Email customerservice@SummitProNets.com | www.fcandslegal.com Copyright © 2015 The National Underwriter Company. All Rights Reserved. NOTE: The content posted to this account from FCS Legal: The Insurance Coverage Law Information Center is current to the date of its initial publication. There may have been further developments of the issues discussed since the original publication. This publication is designed to provide accurate and authoritative information in regard to the subject matter covered. It is sold with the understanding that the publisher is not engaged in rendering legal, accounting or other professional service. If legal advice is required, the services of a competent professional person should be sought. For more information, or to begin your free trial: • Call: 1-800-543-0874 • Email: customerservice@SummitProNets.com • Online: www.fcandslegal.com FCS Legal guarantees you instant access to the most authoritative and comprehensive insurance coverage law information available today. This powerful, up-to-the-minute online resource enables you to stay apprised of the latest developments through your desktop, laptop, tablet, or smart phone —whenever and wherever you need it.