SlideShare a Scribd company logo

New York State Department of Financial Services Expands Its Cyber Focus to Insurers

N
NationalUnderwriter

New York State Department of Financial Services Expands Its Cyber Focus to Insurers by Eric R. Dinallo, Jeremy Feigelson, David A. O’Neil, Jim Pastore, and Jordan R. Friedland The New York State Department of Financial Services (“DFS”) recently announced a major expansion of its cybersecurity efforts: DFS will require insurers to respond to a special “comprehensive risk assessment” on cybersecurity, with those assessments to be followed by an enhanced focus on cybersecurity as part of DFS’s regular examinations of insurers. DFS’s announcement expands to insurance the increasingly rigorous approach it has recently applied to banks in the area of cyber security. More importantly, it offers critical guidance to all industries about what regulators will consider adequate precautions and preparation in this area.

Law
1 of 3
Download to read offline
The Insurance Coverage Law Information Center The following article is from National Underwriter’s latest online resource, FC&S Legal: The Insurance Coverage Law Information Center. NEW YORK STATE DEPARTMENT OF FINANCIAL SERVICES EXPANDS ITS CYBER FOCUS TO INSURERS Eric R. Dinallo, Jeremy Feigelson, David A. O’Neil, Jim Pastore, and Jordan R. Friedland April 23, 2015 The New York State Department of Financial Services (“DFS”) recently announced a major expansion of its cybersecurity efforts: DFS will require insurers to respond to a special “comprehensive risk assessment” on cybersecurity, with those assessments to be followed by an enhanced focus on cybersecurity as part of DFS’s regular examinations of insurers. DFS’s announcement expands to insurance the increasingly rigorous approach it has recently applied to banks in the area of cybersecurity. More importantly, it offers critical guidance to all industries about what regulators will consider adequate precautions and preparation in this area. The DFS Letter The DFS action took the form of a so-called “308 letter” from Benjamin Lawsky, the DFS Superintendent, to CEOs, general counsels and CIOs of insurers. Section 308 of the New York Insurance Law gives DFS broad information-gathering powers. This 308 letter spells out the details of the one-time comprehensive risk assessment in the form of a detailed written questionnaire that must be answered by April 27. Insurers will have to answer questions about a broad range of cybersecurity issues – many of which mirror those that DFS required banks to answer in December 2014 – including: - Corporate governance of cybersecurity, including the curriculum vitae and job description of the Chief Information Security Officer or other senior person responsible for cybersecurity; - Policies and procedures designed to further the goals of confidentiality, integrity and availability of data, including the integration of data classification (a/k/a the sorting of data according to its sensitivity and risk level) into such policies and procedures; - Various highly specific security topics, such as the use of multi-factor authentication, patch management, penetration testing and vendor management. (N.B.: It is a matter of public record that criminals’ abuse of credentials issued to third-party vendors has been implicated in a number of recent, high-profile hacks.); - Steps taken to adhere to the Framework for Improving Critical Infrastructure Cybersecurity issued by the National Institute of Standards and Technology (“NIST”) on February 12, 2014 concerning third-party stakeholders; - Policies and procedures governing relationships with third-party service providers that address information security risks; - Protections used to safeguard sensitive data that is sent to, received from or accessible to third-party service providers, such as encryption or multi-factor authentication; - Protections against loss or damage incurred as a result of an information security failure by a third-party service provider; - Incident detection and response processes, including real-time monitoring and the institution’s written incident response plan; Call 1-800-543-0874 | Email customerservice@SummitProNets.com | www.fcandslegal.com
- Cyber insurance coverage; and - Periodic reevaluation of policies and procedures in light of changing risks. In the 308 letter, DFS notes its expectation that companies will make efforts to obtain any information necessary to respond to the questionnaire from parent or affiliate companies, and imposes upon parent companies the obligation to obtain such information from subsidiaries. Implications for Insurers and Other Companies DFS has not promulgated specific cybersecurity standards, but it is strongly suggesting what it considers best practices by the questions it asks. We have previously called that “regulation by implication” – the questions themselves imply answers that the agency is likely to prefer. Strong substantive answers on the enumerated topics, clearly presented, can be expected to generate clean examination reports. Answers that DFS considers highly unsatisfactory, in contrast, could prompt DFS to pursue civil enforcement measures. Take multi-factor authentication as an example. For the uninitiated, this is the practice of requiring more than a single username/password combination to access a computer system – for instance, use of a one-time code received via a token or text message in addition to a password is a common form of multi-factor authentication. No state or federal law expressly dictates the use of multi-factor authentication, but by asking companies to describe their practices in this area, DFS is clearly signaling that, going forward, it hopes to see companies adopt policies and procedures favoring multi-factor authentication. That is consistent with Superintendent Lawsky’s comments, in a February 25 speech, that DFS was considering promulgating regulations mandating the use of multi-factor authentication because, according to Superintendent Lawsky, single-factor authentication “should have been dead and buried many years ago,” and “it is time that we bury it now.” Another example is the new requirement (not previously applied by DFS to banks) for institutions to describe steps they have taken to adhere to the Cybersecurity Framework promulgated by NIST. The NIST Framework does not have the force of law, though DFS’s reliance on it is yet another indication that the standard is increasingly seen as the emerging gold standard of cybersecurity benchmarks. Simply by asking about the NIST Framework, DFS nudges it toward preferred legal status. That being said, nothing in DFS’s guidance suggests that alternative benchmarking tools like ISO or SANS are inadequate or flawed. This approach of regulation-by-inquiry is reflected throughout the DFS guidance: Simply by asking pointed questions – about vendor management, patch management, the use of written incident response plans and so on – DFS is dropping strong hints as to what it will consider “right” answers in the context of the examinations it will conduct in 2015. Conclusion Although the most recent DFS guidance specifically applies only to the insurers it regulates, management and boards throughout corporate America would do well to study both this guidance and the guidance issued to banks in December 2014. Companies that suffer cybersecurity incidents increasingly are facing pressure to defend themselves – whether in private litigation or in regulatory enforcement actions. Companies in all industries thus may find the DFS “308 letter” a useful checklist for assessing their own cybersecurity posture. About The Authors Eric R. Dinallo and Jeremy Feigelson are partners, and Jim Pastore is counsel in the New York office of Debevoise Plimpton LLP. David A. O’Neil is partner and Jordan R. Friedland is an associate in the Washington, D.C., office. The authors may be contacted at edinallo@debevoise.com, jfeigels@debevoise.com, jjpastor@debevoise.com, daoneil@debevoise.com, and jrfriedl@debevoise.com, respectively. Call 1-800-543-0874 | Email customerservice@SummitProNets.com | www.fcandslegal.com
Call 1-800-543-0874 | Email customerservice@SummitProNets.com | www.fcandslegal.com Copyright © 2015 The National Underwriter Company. All Rights Reserved. NOTE: The content posted to this account from FCS Legal: The Insurance Coverage Law Information Center is current to the date of its initial publication. There may have been further developments of the issues discussed since the original publication. This publication is designed to provide accurate and authoritative information in regard to the subject matter covered. It is sold with the understanding that the publisher is not engaged in rendering legal, accounting or other professional service. If legal advice is required, the services of a competent professional person should be sought. For more information, or to begin your free trial: • Call: 1-800-543-0874 • Email: customerservice@SummitProNets.com • Online: www.fcandslegal.com FCS Legal guarantees you instant access to the most authoritative and comprehensive insurance coverage law information available today. This powerful, up-to-the-minute online resource enables you to stay apprised of the latest developments through your desktop, laptop, tablet, or smart phone —whenever and wherever you need it.

Recommended

Complacency in the Face of Evolving Cybersecurity Norms is Hazardous
Complacency in the Face of Evolving Cybersecurity Norms is HazardousComplacency in the Face of Evolving Cybersecurity Norms is Hazardous
Complacency in the Face of Evolving Cybersecurity Norms is Hazardous
Ethan S. Burger
 
employee-awareness-and-training-the-holy-grail-of-cybersecurity
employee-awareness-and-training-the-holy-grail-of-cybersecurityemployee-awareness-and-training-the-holy-grail-of-cybersecurity
employee-awareness-and-training-the-holy-grail-of-cybersecurity
Paul Ferrillo
 
Cyber Liability Risk
Cyber Liability RiskCyber Liability Risk
Cyber Liability Risk
Christopher Rieser
 
The Basics of Cyber Insurance
The Basics of Cyber InsuranceThe Basics of Cyber Insurance
The Basics of Cyber Insurance
HB Litigation Conferences
 
CYBER LIABILITY COVEREAGE | HB EMERGING COMPLEX CLAIMS
CYBER LIABILITY COVEREAGE | HB EMERGING COMPLEX CLAIMSCYBER LIABILITY COVEREAGE | HB EMERGING COMPLEX CLAIMS
CYBER LIABILITY COVEREAGE | HB EMERGING COMPLEX CLAIMS
HB Litigation Conferences
 
11 pp-cybersecurity-revised2 a
11 pp-cybersecurity-revised2 a11 pp-cybersecurity-revised2 a
11 pp-cybersecurity-revised2 a
IT Strategy Group
 
Wollmuth Maher & Deutsch LLP -Takeaways From The SEC Cybersecurity Examinatio...
Wollmuth Maher & Deutsch LLP -Takeaways From The SEC Cybersecurity Examinatio...Wollmuth Maher & Deutsch LLP -Takeaways From The SEC Cybersecurity Examinatio...
Wollmuth Maher & Deutsch LLP -Takeaways From The SEC Cybersecurity Examinatio...
Jason Glass, CFA, CISSP
 
Ci2 cyber insurance presentation
Ci2 cyber insurance presentationCi2 cyber insurance presentation
Ci2 cyber insurance presentation
Ethan S. Burger
 

Recommended

Complacency in the Face of Evolving Cybersecurity Norms is Hazardous
Complacency in the Face of Evolving Cybersecurity Norms is HazardousComplacency in the Face of Evolving Cybersecurity Norms is Hazardous
Complacency in the Face of Evolving Cybersecurity Norms is Hazardous
Ethan S. Burger
 
employee-awareness-and-training-the-holy-grail-of-cybersecurity
employee-awareness-and-training-the-holy-grail-of-cybersecurityemployee-awareness-and-training-the-holy-grail-of-cybersecurity
employee-awareness-and-training-the-holy-grail-of-cybersecurity
Paul Ferrillo
 
Cyber Liability Risk
Cyber Liability RiskCyber Liability Risk
Cyber Liability Risk
Christopher Rieser
 
The Basics of Cyber Insurance
The Basics of Cyber InsuranceThe Basics of Cyber Insurance
The Basics of Cyber Insurance
HB Litigation Conferences
 
CYBER LIABILITY COVEREAGE | HB EMERGING COMPLEX CLAIMS
CYBER LIABILITY COVEREAGE | HB EMERGING COMPLEX CLAIMSCYBER LIABILITY COVEREAGE | HB EMERGING COMPLEX CLAIMS
CYBER LIABILITY COVEREAGE | HB EMERGING COMPLEX CLAIMS
HB Litigation Conferences
 
11 pp-cybersecurity-revised2 a
11 pp-cybersecurity-revised2 a11 pp-cybersecurity-revised2 a
11 pp-cybersecurity-revised2 a
IT Strategy Group
 
Wollmuth Maher & Deutsch LLP -Takeaways From The SEC Cybersecurity Examinatio...
Wollmuth Maher & Deutsch LLP -Takeaways From The SEC Cybersecurity Examinatio...Wollmuth Maher & Deutsch LLP -Takeaways From The SEC Cybersecurity Examinatio...
Wollmuth Maher & Deutsch LLP -Takeaways From The SEC Cybersecurity Examinatio...
Jason Glass, CFA, CISSP
 
Ci2 cyber insurance presentation
Ci2 cyber insurance presentationCi2 cyber insurance presentation
Ci2 cyber insurance presentation
Ethan S. Burger
 
Chief Audit Execs speak out: Cybersecurity & risk management
Chief Audit Execs speak out: Cybersecurity & risk managementChief Audit Execs speak out: Cybersecurity & risk management
Chief Audit Execs speak out: Cybersecurity & risk management
Grant Thornton LLP
 
Cyber Insurance Temp
Cyber Insurance TempCyber Insurance Temp
Cyber Insurance Temp
Rohan Sehgal
 
Data Breach White Paper
Data Breach White PaperData Breach White Paper
Data Breach White Paper
spencerharry
 
BCC (2012): Federal Panel Identifying Future Government Needs
BCC (2012): Federal Panel Identifying Future Government NeedsBCC (2012): Federal Panel Identifying Future Government Needs
BCC (2012): Federal Panel Identifying Future Government Needs
Duane Blackburn
 
Cyber Insurance, A Novel of 2017, Q1. By Statewide Insurance
Cyber Insurance, A Novel of 2017, Q1. By Statewide InsuranceCyber Insurance, A Novel of 2017, Q1. By Statewide Insurance
Cyber Insurance, A Novel of 2017, Q1. By Statewide Insurance
Statewide Insurance Brokers
 
10 Reasons to buy Cyber Liability Insurance
10 Reasons to buy Cyber Liability Insurance 10 Reasons to buy Cyber Liability Insurance
10 Reasons to buy Cyber Liability Insurance
Hubbard Insurance Group
 
All's Fair in Love and Cyber Warfare
All's Fair in Love and Cyber WarfareAll's Fair in Love and Cyber Warfare
All's Fair in Love and Cyber Warfare
NationalUnderwriter
 
Cyber Insurance CLE
Cyber Insurance CLE Cyber Insurance CLE
Cyber Insurance CLE
Sarah Stogner
 
Data Risks In A Digital Age
Data Risks In A Digital Age Data Risks In A Digital Age
Data Risks In A Digital Age
padler01
 
CIOReview
CIOReviewCIOReview
CIOReview
Teri Cotton Santos, JD
 
BEA Presentation
BEA PresentationBEA Presentation
BEA Presentation
Glenn E. Davis
 
Statewide Insurance Brokers - Cyber Insurance 101
Statewide Insurance Brokers - Cyber Insurance 101Statewide Insurance Brokers - Cyber Insurance 101
Statewide Insurance Brokers - Cyber Insurance 101
Statewide Insurance Brokers
 
Law Firm Hacked by Cyber Criminals
Law Firm Hacked by Cyber Criminals Law Firm Hacked by Cyber Criminals
Law Firm Hacked by Cyber Criminals
Richard Brzakala
 
GSA Seeks Industry Comments on How Best to Incorporate Cybersecurity into Fed...
GSA Seeks Industry Comments on How Best to Incorporate Cybersecurity into Fed...GSA Seeks Industry Comments on How Best to Incorporate Cybersecurity into Fed...
GSA Seeks Industry Comments on How Best to Incorporate Cybersecurity into Fed...
Patton Boggs LLP
 
Data Breaches: The Cost of Being Unprepared
Data Breaches: The Cost of Being UnpreparedData Breaches: The Cost of Being Unprepared
Data Breaches: The Cost of Being Unprepared
haynormania
 
July 2010 Cover Story
July 2010 Cover StoryJuly 2010 Cover Story
July 2010 Cover Story
Patrick Spencer
 
Primer on cybersecurity for boards of directors
Primer on cybersecurity for boards of directorsPrimer on cybersecurity for boards of directors
Primer on cybersecurity for boards of directors
David X Martin
 
Personally Identifiable Information Protection
Personally Identifiable Information ProtectionPersonally Identifiable Information Protection
Personally Identifiable Information Protection
PECB
 
SOCIAL MEDIA RISKS | HB EMERGING COMPLEX CLAIMS
SOCIAL MEDIA RISKS | HB EMERGING COMPLEX CLAIMSSOCIAL MEDIA RISKS | HB EMERGING COMPLEX CLAIMS
SOCIAL MEDIA RISKS | HB EMERGING COMPLEX CLAIMS
HB Litigation Conferences
 
Logikcull Webinar: Preventing the Next Panama Papers
Logikcull Webinar: Preventing the Next Panama PapersLogikcull Webinar: Preventing the Next Panama Papers
Logikcull Webinar: Preventing the Next Panama Papers
Logikcull.com
 
cybersecurity-in-the-c-suite-a-matt
cybersecurity-in-the-c-suite-a-mattcybersecurity-in-the-c-suite-a-matt
cybersecurity-in-the-c-suite-a-matt
Yigal Behar
 
C-Suite Guide to Cybersecurity
C-Suite Guide to CybersecurityC-Suite Guide to Cybersecurity
C-Suite Guide to Cybersecurity
MICHAEL MOSHIRI
 

More Related Content

What's hot

Chief Audit Execs speak out: Cybersecurity & risk management
Chief Audit Execs speak out: Cybersecurity & risk managementChief Audit Execs speak out: Cybersecurity & risk management
Chief Audit Execs speak out: Cybersecurity & risk management
Grant Thornton LLP
 
Cyber Insurance Temp
Cyber Insurance TempCyber Insurance Temp
Cyber Insurance Temp
Rohan Sehgal
 
Data Breach White Paper
Data Breach White PaperData Breach White Paper
Data Breach White Paper
spencerharry
 
BCC (2012): Federal Panel Identifying Future Government Needs
BCC (2012): Federal Panel Identifying Future Government NeedsBCC (2012): Federal Panel Identifying Future Government Needs
BCC (2012): Federal Panel Identifying Future Government Needs
Duane Blackburn
 
Cyber Insurance, A Novel of 2017, Q1. By Statewide Insurance
Cyber Insurance, A Novel of 2017, Q1. By Statewide InsuranceCyber Insurance, A Novel of 2017, Q1. By Statewide Insurance
Cyber Insurance, A Novel of 2017, Q1. By Statewide Insurance
Statewide Insurance Brokers
 
10 Reasons to buy Cyber Liability Insurance
10 Reasons to buy Cyber Liability Insurance 10 Reasons to buy Cyber Liability Insurance
10 Reasons to buy Cyber Liability Insurance
Hubbard Insurance Group
 
All's Fair in Love and Cyber Warfare
All's Fair in Love and Cyber WarfareAll's Fair in Love and Cyber Warfare
All's Fair in Love and Cyber Warfare
NationalUnderwriter
 
Cyber Insurance CLE
Cyber Insurance CLE Cyber Insurance CLE
Cyber Insurance CLE
Sarah Stogner
 
Data Risks In A Digital Age
Data Risks In A Digital Age Data Risks In A Digital Age
Data Risks In A Digital Age
padler01
 
CIOReview
CIOReviewCIOReview
CIOReview
Teri Cotton Santos, JD
 
BEA Presentation
BEA PresentationBEA Presentation
BEA Presentation
Glenn E. Davis
 
Statewide Insurance Brokers - Cyber Insurance 101
Statewide Insurance Brokers - Cyber Insurance 101Statewide Insurance Brokers - Cyber Insurance 101
Statewide Insurance Brokers - Cyber Insurance 101
Statewide Insurance Brokers
 
Law Firm Hacked by Cyber Criminals
Law Firm Hacked by Cyber Criminals Law Firm Hacked by Cyber Criminals
Law Firm Hacked by Cyber Criminals
Richard Brzakala
 
GSA Seeks Industry Comments on How Best to Incorporate Cybersecurity into Fed...
GSA Seeks Industry Comments on How Best to Incorporate Cybersecurity into Fed...GSA Seeks Industry Comments on How Best to Incorporate Cybersecurity into Fed...
GSA Seeks Industry Comments on How Best to Incorporate Cybersecurity into Fed...
Patton Boggs LLP
 
Data Breaches: The Cost of Being Unprepared
Data Breaches: The Cost of Being UnpreparedData Breaches: The Cost of Being Unprepared
Data Breaches: The Cost of Being Unprepared
haynormania
 
July 2010 Cover Story
July 2010 Cover StoryJuly 2010 Cover Story
July 2010 Cover Story
Patrick Spencer
 
Primer on cybersecurity for boards of directors
Primer on cybersecurity for boards of directorsPrimer on cybersecurity for boards of directors
Primer on cybersecurity for boards of directors
David X Martin
 
Personally Identifiable Information Protection
Personally Identifiable Information ProtectionPersonally Identifiable Information Protection
Personally Identifiable Information Protection
PECB
 
SOCIAL MEDIA RISKS | HB EMERGING COMPLEX CLAIMS
SOCIAL MEDIA RISKS | HB EMERGING COMPLEX CLAIMSSOCIAL MEDIA RISKS | HB EMERGING COMPLEX CLAIMS
SOCIAL MEDIA RISKS | HB EMERGING COMPLEX CLAIMS
HB Litigation Conferences
 
Logikcull Webinar: Preventing the Next Panama Papers
Logikcull Webinar: Preventing the Next Panama PapersLogikcull Webinar: Preventing the Next Panama Papers
Logikcull Webinar: Preventing the Next Panama Papers
Logikcull.com
 

What's hot (20)

Chief Audit Execs speak out: Cybersecurity & risk management
Chief Audit Execs speak out: Cybersecurity & risk managementChief Audit Execs speak out: Cybersecurity & risk management
Chief Audit Execs speak out: Cybersecurity & risk management
 
Cyber Insurance Temp
Cyber Insurance TempCyber Insurance Temp
Cyber Insurance Temp
 
Data Breach White Paper
Data Breach White PaperData Breach White Paper
Data Breach White Paper
 
BCC (2012): Federal Panel Identifying Future Government Needs
BCC (2012): Federal Panel Identifying Future Government NeedsBCC (2012): Federal Panel Identifying Future Government Needs
BCC (2012): Federal Panel Identifying Future Government Needs
 
Cyber Insurance, A Novel of 2017, Q1. By Statewide Insurance
Cyber Insurance, A Novel of 2017, Q1. By Statewide InsuranceCyber Insurance, A Novel of 2017, Q1. By Statewide Insurance
Cyber Insurance, A Novel of 2017, Q1. By Statewide Insurance
 
10 Reasons to buy Cyber Liability Insurance
10 Reasons to buy Cyber Liability Insurance 10 Reasons to buy Cyber Liability Insurance
10 Reasons to buy Cyber Liability Insurance
 
All's Fair in Love and Cyber Warfare
All's Fair in Love and Cyber WarfareAll's Fair in Love and Cyber Warfare
All's Fair in Love and Cyber Warfare
 
Cyber Insurance CLE
Cyber Insurance CLE Cyber Insurance CLE
Cyber Insurance CLE
 
Data Risks In A Digital Age
Data Risks In A Digital Age Data Risks In A Digital Age
Data Risks In A Digital Age
 
CIOReview
CIOReviewCIOReview
CIOReview
 
BEA Presentation
BEA PresentationBEA Presentation
BEA Presentation
 
Statewide Insurance Brokers - Cyber Insurance 101
Statewide Insurance Brokers - Cyber Insurance 101Statewide Insurance Brokers - Cyber Insurance 101
Statewide Insurance Brokers - Cyber Insurance 101
 
Law Firm Hacked by Cyber Criminals
Law Firm Hacked by Cyber Criminals Law Firm Hacked by Cyber Criminals
Law Firm Hacked by Cyber Criminals
 
GSA Seeks Industry Comments on How Best to Incorporate Cybersecurity into Fed...
GSA Seeks Industry Comments on How Best to Incorporate Cybersecurity into Fed...GSA Seeks Industry Comments on How Best to Incorporate Cybersecurity into Fed...
GSA Seeks Industry Comments on How Best to Incorporate Cybersecurity into Fed...
 
Data Breaches: The Cost of Being Unprepared
Data Breaches: The Cost of Being UnpreparedData Breaches: The Cost of Being Unprepared
Data Breaches: The Cost of Being Unprepared
 
July 2010 Cover Story
July 2010 Cover StoryJuly 2010 Cover Story
July 2010 Cover Story
 
Primer on cybersecurity for boards of directors
Primer on cybersecurity for boards of directorsPrimer on cybersecurity for boards of directors
Primer on cybersecurity for boards of directors
 
Personally Identifiable Information Protection
Personally Identifiable Information ProtectionPersonally Identifiable Information Protection
Personally Identifiable Information Protection
 
SOCIAL MEDIA RISKS | HB EMERGING COMPLEX CLAIMS
SOCIAL MEDIA RISKS | HB EMERGING COMPLEX CLAIMSSOCIAL MEDIA RISKS | HB EMERGING COMPLEX CLAIMS
SOCIAL MEDIA RISKS | HB EMERGING COMPLEX CLAIMS
 
Logikcull Webinar: Preventing the Next Panama Papers
Logikcull Webinar: Preventing the Next Panama PapersLogikcull Webinar: Preventing the Next Panama Papers
Logikcull Webinar: Preventing the Next Panama Papers
 

Viewers also liked

cybersecurity-in-the-c-suite-a-matt
cybersecurity-in-the-c-suite-a-mattcybersecurity-in-the-c-suite-a-matt
cybersecurity-in-the-c-suite-a-matt
Yigal Behar
 
C-Suite Guide to Cybersecurity
C-Suite Guide to CybersecurityC-Suite Guide to Cybersecurity
C-Suite Guide to Cybersecurity
MICHAEL MOSHIRI
 
Layers of Cyber Protection
Layers of Cyber ProtectionLayers of Cyber Protection
Layers of Cyber Protection
Dr. Lydia Kostopoulos
 
New York DFS proposed cybersecurity regulations
New York DFS proposed cybersecurity regulationsNew York DFS proposed cybersecurity regulations
New York DFS proposed cybersecurity regulations
Brunswick Group
 
NYS DFS CyberSecurity Regulations
NYS DFS CyberSecurity RegulationsNYS DFS CyberSecurity Regulations
NYS DFS CyberSecurity Regulations
Jon Bosco
 
Future of Cybersecurity 2016 - M.Rosenquist
Future of Cybersecurity 2016 - M.RosenquistFuture of Cybersecurity 2016 - M.Rosenquist
Future of Cybersecurity 2016 - M.Rosenquist
Matthew Rosenquist
 
How to Raise Cyber Risk Awareness and Management to the C-Suite
How to Raise Cyber Risk Awareness and Management to the C-SuiteHow to Raise Cyber Risk Awareness and Management to the C-Suite
How to Raise Cyber Risk Awareness and Management to the C-Suite
SurfWatch Labs
 
Securing the Cloud by Matthew Rosenquist 2016
Securing the Cloud by Matthew Rosenquist 2016Securing the Cloud by Matthew Rosenquist 2016
Securing the Cloud by Matthew Rosenquist 2016
Matthew Rosenquist
 
CSE 2016 Future of Cyber Security by Matthew Rosenquist
CSE 2016 Future of Cyber Security by Matthew RosenquistCSE 2016 Future of Cyber Security by Matthew Rosenquist
CSE 2016 Future of Cyber Security by Matthew Rosenquist
Matthew Rosenquist
 
NIST Cybersecurity Framework Intro for ISACA Richmond Chapter
NIST Cybersecurity Framework Intro for ISACA Richmond ChapterNIST Cybersecurity Framework Intro for ISACA Richmond Chapter
NIST Cybersecurity Framework Intro for ISACA Richmond Chapter
Tuan Phan
 
Top 10 cybersecurity predictions for 2016 by Matthew Rosenquist
Top 10 cybersecurity predictions for 2016 by Matthew RosenquistTop 10 cybersecurity predictions for 2016 by Matthew Rosenquist
Top 10 cybersecurity predictions for 2016 by Matthew Rosenquist
Matthew Rosenquist
 
Cyber Security
Cyber SecurityCyber Security
Cyber Security
Neha Gupta
 
Securing the C-Suite: Cybersecurity Perspectives from the Boardroom
Securing the C-Suite: Cybersecurity Perspectives from the BoardroomSecuring the C-Suite: Cybersecurity Perspectives from the Boardroom
Securing the C-Suite: Cybersecurity Perspectives from the Boardroom
IBM Security
 
Introduction to NIST Cybersecurity Framework
Introduction to NIST Cybersecurity FrameworkIntroduction to NIST Cybersecurity Framework
Introduction to NIST Cybersecurity Framework
Tuan Phan
 
Cyber Security 2017 Challenges
Cyber Security 2017 ChallengesCyber Security 2017 Challenges
Cyber Security 2017 Challenges
Leandro Bennaton
 
How to Approach the NYDFS Proposed Cybersecurity Requirements
How to Approach the NYDFS Proposed Cybersecurity RequirementsHow to Approach the NYDFS Proposed Cybersecurity Requirements
How to Approach the NYDFS Proposed Cybersecurity Requirements
Kyle Brown
 
Cyber crime ppt
Cyber crime pptCyber crime ppt
Cyber crime ppt
MOE515253
 

Viewers also liked (17)

cybersecurity-in-the-c-suite-a-matt
cybersecurity-in-the-c-suite-a-mattcybersecurity-in-the-c-suite-a-matt
cybersecurity-in-the-c-suite-a-matt
 
C-Suite Guide to Cybersecurity
C-Suite Guide to CybersecurityC-Suite Guide to Cybersecurity
C-Suite Guide to Cybersecurity
 
Layers of Cyber Protection
Layers of Cyber ProtectionLayers of Cyber Protection
Layers of Cyber Protection
 
New York DFS proposed cybersecurity regulations
New York DFS proposed cybersecurity regulationsNew York DFS proposed cybersecurity regulations
New York DFS proposed cybersecurity regulations
 
NYS DFS CyberSecurity Regulations
NYS DFS CyberSecurity RegulationsNYS DFS CyberSecurity Regulations
NYS DFS CyberSecurity Regulations
 
Future of Cybersecurity 2016 - M.Rosenquist
Future of Cybersecurity 2016 - M.RosenquistFuture of Cybersecurity 2016 - M.Rosenquist
Future of Cybersecurity 2016 - M.Rosenquist
 
How to Raise Cyber Risk Awareness and Management to the C-Suite
How to Raise Cyber Risk Awareness and Management to the C-SuiteHow to Raise Cyber Risk Awareness and Management to the C-Suite
How to Raise Cyber Risk Awareness and Management to the C-Suite
 
Securing the Cloud by Matthew Rosenquist 2016
Securing the Cloud by Matthew Rosenquist 2016Securing the Cloud by Matthew Rosenquist 2016
Securing the Cloud by Matthew Rosenquist 2016
 
CSE 2016 Future of Cyber Security by Matthew Rosenquist
CSE 2016 Future of Cyber Security by Matthew RosenquistCSE 2016 Future of Cyber Security by Matthew Rosenquist
CSE 2016 Future of Cyber Security by Matthew Rosenquist
 
NIST Cybersecurity Framework Intro for ISACA Richmond Chapter
NIST Cybersecurity Framework Intro for ISACA Richmond ChapterNIST Cybersecurity Framework Intro for ISACA Richmond Chapter
NIST Cybersecurity Framework Intro for ISACA Richmond Chapter
 
Top 10 cybersecurity predictions for 2016 by Matthew Rosenquist
Top 10 cybersecurity predictions for 2016 by Matthew RosenquistTop 10 cybersecurity predictions for 2016 by Matthew Rosenquist
Top 10 cybersecurity predictions for 2016 by Matthew Rosenquist
 
Cyber Security
Cyber SecurityCyber Security
Cyber Security
 
Securing the C-Suite: Cybersecurity Perspectives from the Boardroom
Securing the C-Suite: Cybersecurity Perspectives from the BoardroomSecuring the C-Suite: Cybersecurity Perspectives from the Boardroom
Securing the C-Suite: Cybersecurity Perspectives from the Boardroom
 
Introduction to NIST Cybersecurity Framework
Introduction to NIST Cybersecurity FrameworkIntroduction to NIST Cybersecurity Framework
Introduction to NIST Cybersecurity Framework
 
Cyber Security 2017 Challenges
Cyber Security 2017 ChallengesCyber Security 2017 Challenges
Cyber Security 2017 Challenges
 
How to Approach the NYDFS Proposed Cybersecurity Requirements
How to Approach the NYDFS Proposed Cybersecurity RequirementsHow to Approach the NYDFS Proposed Cybersecurity Requirements
How to Approach the NYDFS Proposed Cybersecurity Requirements
 
Cyber crime ppt
Cyber crime pptCyber crime ppt
Cyber crime ppt
 

Similar to New York State Department of Financial Services Expands Its Cyber Focus to Insurers

Fdic ffiec cyber_security_assessments
Fdic ffiec cyber_security_assessmentsFdic ffiec cyber_security_assessments
Fdic ffiec cyber_security_assessments
Ken M. Shaurette
 
Maintain data privacy during software development
Maintain data privacy during software developmentMaintain data privacy during software development
Maintain data privacy during software development
MuhammadArif823
 
CSR PII White Paper
CSR PII White PaperCSR PII White Paper
CSR PII White Paper
Dmcenter
 
Cloud security law cyber insurance issues phx 2015 06 19 v1
Cloud security law cyber insurance issues phx 2015 06 19 v1Cloud security law cyber insurance issues phx 2015 06 19 v1
Cloud security law cyber insurance issues phx 2015 06 19 v1
Michael C. Keeling, Esq.
 
Cover and CyberSecurity Essay
Cover and CyberSecurity EssayCover and CyberSecurity Essay
Cover and CyberSecurity Essay
Michael Solomon
 
Protecting Donor Privacy
Protecting Donor PrivacyProtecting Donor Privacy
Protecting Donor Privacy
Raymond Cunningham
 
Privacy Do's and Don'ts for Customer Service Representatives
Privacy Do's and Don'ts for Customer Service RepresentativesPrivacy Do's and Don'ts for Customer Service Representatives
Privacy Do's and Don'ts for Customer Service Representatives
Art Hall
 
Cyber Critical Infrastructure Framework Panel
Cyber Critical Infrastructure Framework PanelCyber Critical Infrastructure Framework Panel
Cyber Critical Infrastructure Framework Panel
Paul Di Gangi
 
Leadership: Legal Counsel's Role in Guiding Through Cybersecurity and Data Loss
Leadership: Legal Counsel's Role in Guiding Through Cybersecurity and Data LossLeadership: Legal Counsel's Role in Guiding Through Cybersecurity and Data Loss
Leadership: Legal Counsel's Role in Guiding Through Cybersecurity and Data Loss
Shawn Tuma
 
Data Privacy Compliance (Series: Corporate & Regulatory Compliance Boot Camp)
Data Privacy Compliance (Series: Corporate & Regulatory Compliance Boot Camp)Data Privacy Compliance (Series: Corporate & Regulatory Compliance Boot Camp)
Data Privacy Compliance (Series: Corporate & Regulatory Compliance Boot Camp)
Financial Poise
 
Module 02 Performance Risk-based Analytics With all the advancem
Module 02 Performance Risk-based Analytics With all the advancemModule 02 Performance Risk-based Analytics With all the advancem
Module 02 Performance Risk-based Analytics With all the advancem
IlonaThornburg83
 
Data Privacy Compliance
Data Privacy ComplianceData Privacy Compliance
Data Privacy Compliance
Financial Poise
 
Data Breach White Paper
Data Breach White PaperData Breach White Paper
Data Breach White Paper
Todd Ruback
 
Responding to a Data Breach, Communications Guidelines for Merchants
Responding to a Data Breach, Communications Guidelines for MerchantsResponding to a Data Breach, Communications Guidelines for Merchants
Responding to a Data Breach, Communications Guidelines for Merchants
- Mark - Fullbright
 
Cybersecurity_Alert_Dec_16_2014
Cybersecurity_Alert_Dec_16_2014Cybersecurity_Alert_Dec_16_2014
Cybersecurity_Alert_Dec_16_2014
Paul Ferrillo
 
The Most Wonderful Time of the Year for Health-IT...NOT
The Most Wonderful Time of the Year for Health-IT...NOTThe Most Wonderful Time of the Year for Health-IT...NOT
The Most Wonderful Time of the Year for Health-IT...NOT
Compliancy Group
 
What is in store for e-discovery in 2015?
What is in store for e-discovery in 2015?What is in store for e-discovery in 2015?
What is in store for e-discovery in 2015?
Logikcull.com
 
Cybersecurity crisis management a prep guide
Cybersecurity crisis management a prep guideCybersecurity crisis management a prep guide
Cybersecurity crisis management a prep guide
JoAnna Cheshire
 
Introduction to US Privacy and Data Security: Regulations and Requirements
Introduction to US Privacy and Data Security: Regulations and RequirementsIntroduction to US Privacy and Data Security: Regulations and Requirements
Introduction to US Privacy and Data Security: Regulations and Requirements
Financial Poise
 
Foley-Cybersecurity-White-Paper_3.9.15
Foley-Cybersecurity-White-Paper_3.9.15Foley-Cybersecurity-White-Paper_3.9.15
Foley-Cybersecurity-White-Paper_3.9.15
James Fisher
 

Similar to New York State Department of Financial Services Expands Its Cyber Focus to Insurers (20)

Fdic ffiec cyber_security_assessments
Fdic ffiec cyber_security_assessmentsFdic ffiec cyber_security_assessments
Fdic ffiec cyber_security_assessments
 
Maintain data privacy during software development
Maintain data privacy during software developmentMaintain data privacy during software development
Maintain data privacy during software development
 
CSR PII White Paper
CSR PII White PaperCSR PII White Paper
CSR PII White Paper
 
Cloud security law cyber insurance issues phx 2015 06 19 v1
Cloud security law cyber insurance issues phx 2015 06 19 v1Cloud security law cyber insurance issues phx 2015 06 19 v1
Cloud security law cyber insurance issues phx 2015 06 19 v1
 
Cover and CyberSecurity Essay
Cover and CyberSecurity EssayCover and CyberSecurity Essay
Cover and CyberSecurity Essay
 
Protecting Donor Privacy
Protecting Donor PrivacyProtecting Donor Privacy
Protecting Donor Privacy
 
Privacy Do's and Don'ts for Customer Service Representatives
Privacy Do's and Don'ts for Customer Service RepresentativesPrivacy Do's and Don'ts for Customer Service Representatives
Privacy Do's and Don'ts for Customer Service Representatives
 
Cyber Critical Infrastructure Framework Panel
Cyber Critical Infrastructure Framework PanelCyber Critical Infrastructure Framework Panel
Cyber Critical Infrastructure Framework Panel
 
Leadership: Legal Counsel's Role in Guiding Through Cybersecurity and Data Loss
Leadership: Legal Counsel's Role in Guiding Through Cybersecurity and Data LossLeadership: Legal Counsel's Role in Guiding Through Cybersecurity and Data Loss
Leadership: Legal Counsel's Role in Guiding Through Cybersecurity and Data Loss
 
Data Privacy Compliance (Series: Corporate & Regulatory Compliance Boot Camp)
Data Privacy Compliance (Series: Corporate & Regulatory Compliance Boot Camp)Data Privacy Compliance (Series: Corporate & Regulatory Compliance Boot Camp)
Data Privacy Compliance (Series: Corporate & Regulatory Compliance Boot Camp)
 
Module 02 Performance Risk-based Analytics With all the advancem
Module 02 Performance Risk-based Analytics With all the advancemModule 02 Performance Risk-based Analytics With all the advancem
Module 02 Performance Risk-based Analytics With all the advancem
 
Data Privacy Compliance
Data Privacy ComplianceData Privacy Compliance
Data Privacy Compliance
 
Data Breach White Paper
Data Breach White PaperData Breach White Paper
Data Breach White Paper
 
Responding to a Data Breach, Communications Guidelines for Merchants
Responding to a Data Breach, Communications Guidelines for MerchantsResponding to a Data Breach, Communications Guidelines for Merchants
Responding to a Data Breach, Communications Guidelines for Merchants
 
Cybersecurity_Alert_Dec_16_2014
Cybersecurity_Alert_Dec_16_2014Cybersecurity_Alert_Dec_16_2014
Cybersecurity_Alert_Dec_16_2014
 
The Most Wonderful Time of the Year for Health-IT...NOT
The Most Wonderful Time of the Year for Health-IT...NOTThe Most Wonderful Time of the Year for Health-IT...NOT
The Most Wonderful Time of the Year for Health-IT...NOT
 
What is in store for e-discovery in 2015?
What is in store for e-discovery in 2015?What is in store for e-discovery in 2015?
What is in store for e-discovery in 2015?
 
Cybersecurity crisis management a prep guide
Cybersecurity crisis management a prep guideCybersecurity crisis management a prep guide
Cybersecurity crisis management a prep guide
 
Introduction to US Privacy and Data Security: Regulations and Requirements
Introduction to US Privacy and Data Security: Regulations and RequirementsIntroduction to US Privacy and Data Security: Regulations and Requirements
Introduction to US Privacy and Data Security: Regulations and Requirements
 
Foley-Cybersecurity-White-Paper_3.9.15
Foley-Cybersecurity-White-Paper_3.9.15Foley-Cybersecurity-White-Paper_3.9.15
Foley-Cybersecurity-White-Paper_3.9.15
 

More from NationalUnderwriter

Excess and Surplus Lines Law: A 3-State Sample of a Complete State-by-State C...
Excess and Surplus Lines Law: A 3-State Sample of a Complete State-by-State C...Excess and Surplus Lines Law: A 3-State Sample of a Complete State-by-State C...
Excess and Surplus Lines Law: A 3-State Sample of a Complete State-by-State C...
NationalUnderwriter
 
How to Successfully Navigate the Latest Changes to the Affordable Care Act
How to Successfully Navigate the Latest Changes to the Affordable Care ActHow to Successfully Navigate the Latest Changes to the Affordable Care Act
How to Successfully Navigate the Latest Changes to the Affordable Care Act
NationalUnderwriter
 
Finding in Favor of Insurer, Jury Rejects Homeowners¹ Bid for $600,000 for Wa...
Finding in Favor of Insurer, Jury Rejects Homeowners¹ Bid for $600,000 for Wa...Finding in Favor of Insurer, Jury Rejects Homeowners¹ Bid for $600,000 for Wa...
Finding in Favor of Insurer, Jury Rejects Homeowners¹ Bid for $600,000 for Wa...
NationalUnderwriter
 
The EU Solvency II Regime for Insurers: An Update on Implementation
The EU Solvency II Regime for Insurers: An Update on ImplementationThe EU Solvency II Regime for Insurers: An Update on Implementation
The EU Solvency II Regime for Insurers: An Update on Implementation
NationalUnderwriter
 
CFTC Grants No Action Relief to Commodity Pool Operators with Respect to Cert...
CFTC Grants No Action Relief to Commodity Pool Operators with Respect to Cert...CFTC Grants No Action Relief to Commodity Pool Operators with Respect to Cert...
CFTC Grants No Action Relief to Commodity Pool Operators with Respect to Cert...
NationalUnderwriter
 
Arbitration in Insurance Coverage Disputes: Pluses and Minuses
Arbitration in Insurance Coverage Disputes: Pluses and MinusesArbitration in Insurance Coverage Disputes: Pluses and Minuses
Arbitration in Insurance Coverage Disputes: Pluses and Minuses
NationalUnderwriter
 
Supreme Court of Texas Marries Contractual Limitations to Insurance Policies
Supreme Court of Texas Marries Contractual Limitations to Insurance PoliciesSupreme Court of Texas Marries Contractual Limitations to Insurance Policies
Supreme Court of Texas Marries Contractual Limitations to Insurance Policies
NationalUnderwriter
 
Supreme Court of New Jersey Confirms "Fairly Debatable" Standard for First Pa...
Supreme Court of New Jersey Confirms "Fairly Debatable" Standard for First Pa...Supreme Court of New Jersey Confirms "Fairly Debatable" Standard for First Pa...
Supreme Court of New Jersey Confirms "Fairly Debatable" Standard for First Pa...
NationalUnderwriter
 
Pennsylvania Supreme Court Holds Policyholders May Assign Their Statutory Rig...
Pennsylvania Supreme Court Holds Policyholders May Assign Their Statutory Rig...Pennsylvania Supreme Court Holds Policyholders May Assign Their Statutory Rig...
Pennsylvania Supreme Court Holds Policyholders May Assign Their Statutory Rig...
NationalUnderwriter
 
Migrating Sand Triggers Separate Policy Limits for CGL Policy¹s Personal Inju...
Migrating Sand Triggers Separate Policy Limits for CGL Policy¹s Personal Inju...Migrating Sand Triggers Separate Policy Limits for CGL Policy¹s Personal Inju...
Migrating Sand Triggers Separate Policy Limits for CGL Policy¹s Personal Inju...
NationalUnderwriter
 
Cyber Security and Insurance Coverage Protection: The Perfect Time for an Audit
Cyber Security and Insurance Coverage Protection: The Perfect Time for an AuditCyber Security and Insurance Coverage Protection: The Perfect Time for an Audit
Cyber Security and Insurance Coverage Protection: The Perfect Time for an Audit
NationalUnderwriter
 
Class Actions: Insurance Related Claims
Class Actions: Insurance Related ClaimsClass Actions: Insurance Related Claims
Class Actions: Insurance Related Claims
NationalUnderwriter
 
Clarifying Bad Faith Jurisprudence in Virginia, Federal Court Recognizes Bad ...
Clarifying Bad Faith Jurisprudence in Virginia, Federal Court Recognizes Bad ...Clarifying Bad Faith Jurisprudence in Virginia, Federal Court Recognizes Bad ...
Clarifying Bad Faith Jurisprudence in Virginia, Federal Court Recognizes Bad ...
NationalUnderwriter
 
CFTC Grants No-Action Relief to Commodity Pool Operators with Respect to Cert...
CFTC Grants No-Action Relief to Commodity Pool Operators with Respect to Cert...CFTC Grants No-Action Relief to Commodity Pool Operators with Respect to Cert...
CFTC Grants No-Action Relief to Commodity Pool Operators with Respect to Cert...
NationalUnderwriter
 
N.J. Trial Court Applies "Named Storm" Deductible in Superstorm Sandy Case
N.J. Trial Court Applies "Named Storm" Deductible in Superstorm Sandy CaseN.J. Trial Court Applies "Named Storm" Deductible in Superstorm Sandy Case
N.J. Trial Court Applies "Named Storm" Deductible in Superstorm Sandy Case
NationalUnderwriter
 
Clarifying Bad Faith Jurisprudence in Virginia, Federal Court Recognizes Bad-...
Clarifying Bad Faith Jurisprudence in Virginia, Federal Court Recognizes Bad-...Clarifying Bad Faith Jurisprudence in Virginia, Federal Court Recognizes Bad-...
Clarifying Bad Faith Jurisprudence in Virginia, Federal Court Recognizes Bad-...
NationalUnderwriter
 
Wisconsin Supreme Court: Pollution Exclusion Bars Coverage for Well Contamin...
Wisconsin Supreme Court: Pollution Exclusion Bars Coverage for Well Contamin...Wisconsin Supreme Court: Pollution Exclusion Bars Coverage for Well Contamin...
Wisconsin Supreme Court: Pollution Exclusion Bars Coverage for Well Contamin...
NationalUnderwriter
 
New York High Court Finds Lead Exposure Injuries to Children of Different Fam...
New York High Court Finds Lead Exposure Injuries to Children of Different Fam...New York High Court Finds Lead Exposure Injuries to Children of Different Fam...
New York High Court Finds Lead Exposure Injuries to Children of Different Fam...
NationalUnderwriter
 
February14 IRS Valentine’s Day Words of Wisdom by Jay Katz
February14 IRS Valentine’s Day Words of Wisdom by Jay KatzFebruary14 IRS Valentine’s Day Words of Wisdom by Jay Katz
February14 IRS Valentine’s Day Words of Wisdom by Jay Katz
NationalUnderwriter
 
Discharge of Debt Income (from The Tools & Techniques of Income Tax Planning)
Discharge of Debt Income (from The Tools & Techniques of Income Tax Planning)Discharge of Debt Income (from The Tools & Techniques of Income Tax Planning)
Discharge of Debt Income (from The Tools & Techniques of Income Tax Planning)
NationalUnderwriter
 

More from NationalUnderwriter (20)

Excess and Surplus Lines Law: A 3-State Sample of a Complete State-by-State C...
Excess and Surplus Lines Law: A 3-State Sample of a Complete State-by-State C...Excess and Surplus Lines Law: A 3-State Sample of a Complete State-by-State C...
Excess and Surplus Lines Law: A 3-State Sample of a Complete State-by-State C...
 
How to Successfully Navigate the Latest Changes to the Affordable Care Act
How to Successfully Navigate the Latest Changes to the Affordable Care ActHow to Successfully Navigate the Latest Changes to the Affordable Care Act
How to Successfully Navigate the Latest Changes to the Affordable Care Act
 
Finding in Favor of Insurer, Jury Rejects Homeowners¹ Bid for $600,000 for Wa...
Finding in Favor of Insurer, Jury Rejects Homeowners¹ Bid for $600,000 for Wa...Finding in Favor of Insurer, Jury Rejects Homeowners¹ Bid for $600,000 for Wa...
Finding in Favor of Insurer, Jury Rejects Homeowners¹ Bid for $600,000 for Wa...
 
The EU Solvency II Regime for Insurers: An Update on Implementation
The EU Solvency II Regime for Insurers: An Update on ImplementationThe EU Solvency II Regime for Insurers: An Update on Implementation
The EU Solvency II Regime for Insurers: An Update on Implementation
 
CFTC Grants No Action Relief to Commodity Pool Operators with Respect to Cert...
CFTC Grants No Action Relief to Commodity Pool Operators with Respect to Cert...CFTC Grants No Action Relief to Commodity Pool Operators with Respect to Cert...
CFTC Grants No Action Relief to Commodity Pool Operators with Respect to Cert...
 
Arbitration in Insurance Coverage Disputes: Pluses and Minuses
Arbitration in Insurance Coverage Disputes: Pluses and MinusesArbitration in Insurance Coverage Disputes: Pluses and Minuses
Arbitration in Insurance Coverage Disputes: Pluses and Minuses
 
Supreme Court of Texas Marries Contractual Limitations to Insurance Policies
Supreme Court of Texas Marries Contractual Limitations to Insurance PoliciesSupreme Court of Texas Marries Contractual Limitations to Insurance Policies
Supreme Court of Texas Marries Contractual Limitations to Insurance Policies
 
Supreme Court of New Jersey Confirms "Fairly Debatable" Standard for First Pa...
Supreme Court of New Jersey Confirms "Fairly Debatable" Standard for First Pa...Supreme Court of New Jersey Confirms "Fairly Debatable" Standard for First Pa...
Supreme Court of New Jersey Confirms "Fairly Debatable" Standard for First Pa...
 
Pennsylvania Supreme Court Holds Policyholders May Assign Their Statutory Rig...
Pennsylvania Supreme Court Holds Policyholders May Assign Their Statutory Rig...Pennsylvania Supreme Court Holds Policyholders May Assign Their Statutory Rig...
Pennsylvania Supreme Court Holds Policyholders May Assign Their Statutory Rig...
 
Migrating Sand Triggers Separate Policy Limits for CGL Policy¹s Personal Inju...
Migrating Sand Triggers Separate Policy Limits for CGL Policy¹s Personal Inju...Migrating Sand Triggers Separate Policy Limits for CGL Policy¹s Personal Inju...
Migrating Sand Triggers Separate Policy Limits for CGL Policy¹s Personal Inju...
 
Cyber Security and Insurance Coverage Protection: The Perfect Time for an Audit
Cyber Security and Insurance Coverage Protection: The Perfect Time for an AuditCyber Security and Insurance Coverage Protection: The Perfect Time for an Audit
Cyber Security and Insurance Coverage Protection: The Perfect Time for an Audit
 
Class Actions: Insurance Related Claims
Class Actions: Insurance Related ClaimsClass Actions: Insurance Related Claims
Class Actions: Insurance Related Claims
 
Clarifying Bad Faith Jurisprudence in Virginia, Federal Court Recognizes Bad ...
Clarifying Bad Faith Jurisprudence in Virginia, Federal Court Recognizes Bad ...Clarifying Bad Faith Jurisprudence in Virginia, Federal Court Recognizes Bad ...
Clarifying Bad Faith Jurisprudence in Virginia, Federal Court Recognizes Bad ...
 
CFTC Grants No-Action Relief to Commodity Pool Operators with Respect to Cert...
CFTC Grants No-Action Relief to Commodity Pool Operators with Respect to Cert...CFTC Grants No-Action Relief to Commodity Pool Operators with Respect to Cert...
CFTC Grants No-Action Relief to Commodity Pool Operators with Respect to Cert...
 
N.J. Trial Court Applies "Named Storm" Deductible in Superstorm Sandy Case
N.J. Trial Court Applies "Named Storm" Deductible in Superstorm Sandy CaseN.J. Trial Court Applies "Named Storm" Deductible in Superstorm Sandy Case
N.J. Trial Court Applies "Named Storm" Deductible in Superstorm Sandy Case
 
Clarifying Bad Faith Jurisprudence in Virginia, Federal Court Recognizes Bad-...
Clarifying Bad Faith Jurisprudence in Virginia, Federal Court Recognizes Bad-...Clarifying Bad Faith Jurisprudence in Virginia, Federal Court Recognizes Bad-...
Clarifying Bad Faith Jurisprudence in Virginia, Federal Court Recognizes Bad-...
 
Wisconsin Supreme Court: Pollution Exclusion Bars Coverage for Well Contamin...
Wisconsin Supreme Court: Pollution Exclusion Bars Coverage for Well Contamin...Wisconsin Supreme Court: Pollution Exclusion Bars Coverage for Well Contamin...
Wisconsin Supreme Court: Pollution Exclusion Bars Coverage for Well Contamin...
 
New York High Court Finds Lead Exposure Injuries to Children of Different Fam...
New York High Court Finds Lead Exposure Injuries to Children of Different Fam...New York High Court Finds Lead Exposure Injuries to Children of Different Fam...
New York High Court Finds Lead Exposure Injuries to Children of Different Fam...
 
February14 IRS Valentine’s Day Words of Wisdom by Jay Katz
February14 IRS Valentine’s Day Words of Wisdom by Jay KatzFebruary14 IRS Valentine’s Day Words of Wisdom by Jay Katz
February14 IRS Valentine’s Day Words of Wisdom by Jay Katz
 
Discharge of Debt Income (from The Tools & Techniques of Income Tax Planning)
Discharge of Debt Income (from The Tools & Techniques of Income Tax Planning)Discharge of Debt Income (from The Tools & Techniques of Income Tax Planning)
Discharge of Debt Income (from The Tools & Techniques of Income Tax Planning)
 

Recently uploaded

Lifting the Corporate Veil. Power Point Presentation
Lifting the Corporate Veil. Power Point PresentationLifting the Corporate Veil. Power Point Presentation
Lifting the Corporate Veil. Power Point Presentation
seri bangash
 
fnaf lore.pptx ...................................
fnaf lore.pptx ...................................fnaf lore.pptx ...................................
fnaf lore.pptx ...................................
20jcoello
 
一比一原版(Lincoln毕业证)新西兰林肯大学毕业证如何办理
一比一原版(Lincoln毕业证)新西兰林肯大学毕业证如何办理一比一原版(Lincoln毕业证)新西兰林肯大学毕业证如何办理
一比一原版(Lincoln毕业证)新西兰林肯大学毕业证如何办理
gjsma0ep
 
Presentation (1).pptx Human rights of LGBTQ people in India, constitutional a...
Presentation (1).pptx Human rights of LGBTQ people in India, constitutional a...Presentation (1).pptx Human rights of LGBTQ people in India, constitutional a...
Presentation (1).pptx Human rights of LGBTQ people in India, constitutional a...
SKshi
 
Incometax Compliance_PF_ ESI- June 2024
Incometax Compliance_PF_ ESI- June 2024Incometax Compliance_PF_ ESI- June 2024
Incometax Compliance_PF_ ESI- June 2024
EbizfilingIndia
 
V.-SENTHIL-BALAJI-SLP-C-8939-8940-2023-SC-Judgment-07-August-2023.pdf
V.-SENTHIL-BALAJI-SLP-C-8939-8940-2023-SC-Judgment-07-August-2023.pdfV.-SENTHIL-BALAJI-SLP-C-8939-8940-2023-SC-Judgment-07-August-2023.pdf
V.-SENTHIL-BALAJI-SLP-C-8939-8940-2023-SC-Judgment-07-August-2023.pdf
bhavenpr
 
From Promise to Practice. Implementing AI in Legal Environments
From Promise to Practice. Implementing AI in Legal EnvironmentsFrom Promise to Practice. Implementing AI in Legal Environments
From Promise to Practice. Implementing AI in Legal Environments
ssusera97a2f
 
Ease of Paying Tax Law Republic Act 11976
Ease of Paying Tax Law Republic Act 11976Ease of Paying Tax Law Republic Act 11976
Ease of Paying Tax Law Republic Act 11976
PelayoGilbert
 
The Work Permit for Self-Employed Persons in Italy
The Work Permit for Self-Employed Persons in ItalyThe Work Permit for Self-Employed Persons in Italy
The Work Permit for Self-Employed Persons in Italy
BridgeWest.eu
 
原版制作(PSU毕业证书)宾州州立大学公园分校毕业证学历证书一模一样
原版制作(PSU毕业证书)宾州州立大学公园分校毕业证学历证书一模一样原版制作(PSU毕业证书)宾州州立大学公园分校毕业证学历证书一模一样
原版制作(PSU毕业证书)宾州州立大学公园分校毕业证学历证书一模一样
osenwakm
 
Guide on the use of Artificial Intelligence-based tools by lawyers and law fi...
Guide on the use of Artificial Intelligence-based tools by lawyers and law fi...Guide on the use of Artificial Intelligence-based tools by lawyers and law fi...
Guide on the use of Artificial Intelligence-based tools by lawyers and law fi...
Massimo Talia
 
Defending Weapons Offence Charges: Role of Mississauga Criminal Defence Lawyers
Defending Weapons Offence Charges: Role of Mississauga Criminal Defence LawyersDefending Weapons Offence Charges: Role of Mississauga Criminal Defence Lawyers
Defending Weapons Offence Charges: Role of Mississauga Criminal Defence Lawyers
HarpreetSaini48
 
2015pmkemenhub163.pdf. 2015pmkemenhub163.pdf
2015pmkemenhub163.pdf. 2015pmkemenhub163.pdf2015pmkemenhub163.pdf. 2015pmkemenhub163.pdf
2015pmkemenhub163.pdf. 2015pmkemenhub163.pdf
CIkumparan
 
Genocide in International Criminal Law.pptx
Genocide in International Criminal Law.pptxGenocide in International Criminal Law.pptx
Genocide in International Criminal Law.pptx
MasoudZamani13
 
Synopsis On Annual General Meeting/Extra Ordinary General Meeting With Ordina...
Synopsis On Annual General Meeting/Extra Ordinary General Meeting With Ordina...Synopsis On Annual General Meeting/Extra Ordinary General Meeting With Ordina...
Synopsis On Annual General Meeting/Extra Ordinary General Meeting With Ordina...
Syed Muhammad Humza Hussain
 
Energizing Communities, Fostering Growth, Sustaining Futures
Energizing Communities, Fostering Growth, Sustaining FuturesEnergizing Communities, Fostering Growth, Sustaining Futures
Energizing Communities, Fostering Growth, Sustaining Futures
USDAReapgrants.com
 
What are the common challenges faced by women lawyers working in the legal pr...
What are the common challenges faced by women lawyers working in the legal pr...What are the common challenges faced by women lawyers working in the legal pr...
What are the common challenges faced by women lawyers working in the legal pr...
lawyersonia
 
Patenting_Innovations_in_3D_Printing_Prosthetics.pptx
Patenting_Innovations_in_3D_Printing_Prosthetics.pptxPatenting_Innovations_in_3D_Printing_Prosthetics.pptx
Patenting_Innovations_in_3D_Printing_Prosthetics.pptx
ssuser559494
 
Sangyun Lee, 'Why Korea's Merger Control Occasionally Fails: A Public Choice ...
Sangyun Lee, 'Why Korea's Merger Control Occasionally Fails: A Public Choice ...Sangyun Lee, 'Why Korea's Merger Control Occasionally Fails: A Public Choice ...
Sangyun Lee, 'Why Korea's Merger Control Occasionally Fails: A Public Choice ...
Sangyun Lee
 
在线办理(SU毕业证书)美国雪城大学毕业证成绩单一模一样
在线办理(SU毕业证书)美国雪城大学毕业证成绩单一模一样在线办理(SU毕业证书)美国雪城大学毕业证成绩单一模一样
在线办理(SU毕业证书)美国雪城大学毕业证成绩单一模一样
osenwakm
 

Recently uploaded (20)

Lifting the Corporate Veil. Power Point Presentation
Lifting the Corporate Veil. Power Point PresentationLifting the Corporate Veil. Power Point Presentation
Lifting the Corporate Veil. Power Point Presentation
 
fnaf lore.pptx ...................................
fnaf lore.pptx ...................................fnaf lore.pptx ...................................
fnaf lore.pptx ...................................
 
一比一原版(Lincoln毕业证)新西兰林肯大学毕业证如何办理
一比一原版(Lincoln毕业证)新西兰林肯大学毕业证如何办理一比一原版(Lincoln毕业证)新西兰林肯大学毕业证如何办理
一比一原版(Lincoln毕业证)新西兰林肯大学毕业证如何办理
 
Presentation (1).pptx Human rights of LGBTQ people in India, constitutional a...
Presentation (1).pptx Human rights of LGBTQ people in India, constitutional a...Presentation (1).pptx Human rights of LGBTQ people in India, constitutional a...
Presentation (1).pptx Human rights of LGBTQ people in India, constitutional a...
 
Incometax Compliance_PF_ ESI- June 2024
Incometax Compliance_PF_ ESI- June 2024Incometax Compliance_PF_ ESI- June 2024
Incometax Compliance_PF_ ESI- June 2024
 
V.-SENTHIL-BALAJI-SLP-C-8939-8940-2023-SC-Judgment-07-August-2023.pdf
V.-SENTHIL-BALAJI-SLP-C-8939-8940-2023-SC-Judgment-07-August-2023.pdfV.-SENTHIL-BALAJI-SLP-C-8939-8940-2023-SC-Judgment-07-August-2023.pdf
V.-SENTHIL-BALAJI-SLP-C-8939-8940-2023-SC-Judgment-07-August-2023.pdf
 
From Promise to Practice. Implementing AI in Legal Environments
From Promise to Practice. Implementing AI in Legal EnvironmentsFrom Promise to Practice. Implementing AI in Legal Environments
From Promise to Practice. Implementing AI in Legal Environments
 
Ease of Paying Tax Law Republic Act 11976
Ease of Paying Tax Law Republic Act 11976Ease of Paying Tax Law Republic Act 11976
Ease of Paying Tax Law Republic Act 11976
 
The Work Permit for Self-Employed Persons in Italy
The Work Permit for Self-Employed Persons in ItalyThe Work Permit for Self-Employed Persons in Italy
The Work Permit for Self-Employed Persons in Italy
 
原版制作(PSU毕业证书)宾州州立大学公园分校毕业证学历证书一模一样
原版制作(PSU毕业证书)宾州州立大学公园分校毕业证学历证书一模一样原版制作(PSU毕业证书)宾州州立大学公园分校毕业证学历证书一模一样
原版制作(PSU毕业证书)宾州州立大学公园分校毕业证学历证书一模一样
 
Guide on the use of Artificial Intelligence-based tools by lawyers and law fi...
Guide on the use of Artificial Intelligence-based tools by lawyers and law fi...Guide on the use of Artificial Intelligence-based tools by lawyers and law fi...
Guide on the use of Artificial Intelligence-based tools by lawyers and law fi...
 
Defending Weapons Offence Charges: Role of Mississauga Criminal Defence Lawyers
Defending Weapons Offence Charges: Role of Mississauga Criminal Defence LawyersDefending Weapons Offence Charges: Role of Mississauga Criminal Defence Lawyers
Defending Weapons Offence Charges: Role of Mississauga Criminal Defence Lawyers
 
2015pmkemenhub163.pdf. 2015pmkemenhub163.pdf
2015pmkemenhub163.pdf. 2015pmkemenhub163.pdf2015pmkemenhub163.pdf. 2015pmkemenhub163.pdf
2015pmkemenhub163.pdf. 2015pmkemenhub163.pdf
 
Genocide in International Criminal Law.pptx
Genocide in International Criminal Law.pptxGenocide in International Criminal Law.pptx
Genocide in International Criminal Law.pptx
 
Synopsis On Annual General Meeting/Extra Ordinary General Meeting With Ordina...
Synopsis On Annual General Meeting/Extra Ordinary General Meeting With Ordina...Synopsis On Annual General Meeting/Extra Ordinary General Meeting With Ordina...
Synopsis On Annual General Meeting/Extra Ordinary General Meeting With Ordina...
 
Energizing Communities, Fostering Growth, Sustaining Futures
Energizing Communities, Fostering Growth, Sustaining FuturesEnergizing Communities, Fostering Growth, Sustaining Futures
Energizing Communities, Fostering Growth, Sustaining Futures
 
What are the common challenges faced by women lawyers working in the legal pr...
What are the common challenges faced by women lawyers working in the legal pr...What are the common challenges faced by women lawyers working in the legal pr...
What are the common challenges faced by women lawyers working in the legal pr...
 
Patenting_Innovations_in_3D_Printing_Prosthetics.pptx
Patenting_Innovations_in_3D_Printing_Prosthetics.pptxPatenting_Innovations_in_3D_Printing_Prosthetics.pptx
Patenting_Innovations_in_3D_Printing_Prosthetics.pptx
 
Sangyun Lee, 'Why Korea's Merger Control Occasionally Fails: A Public Choice ...
Sangyun Lee, 'Why Korea's Merger Control Occasionally Fails: A Public Choice ...Sangyun Lee, 'Why Korea's Merger Control Occasionally Fails: A Public Choice ...
Sangyun Lee, 'Why Korea's Merger Control Occasionally Fails: A Public Choice ...
 
在线办理(SU毕业证书)美国雪城大学毕业证成绩单一模一样
在线办理(SU毕业证书)美国雪城大学毕业证成绩单一模一样在线办理(SU毕业证书)美国雪城大学毕业证成绩单一模一样
在线办理(SU毕业证书)美国雪城大学毕业证成绩单一模一样
 

New York State Department of Financial Services Expands Its Cyber Focus to Insurers

  • 1. The Insurance Coverage Law Information Center The following article is from National Underwriter’s latest online resource, FC&S Legal: The Insurance Coverage Law Information Center. NEW YORK STATE DEPARTMENT OF FINANCIAL SERVICES EXPANDS ITS CYBER FOCUS TO INSURERS Eric R. Dinallo, Jeremy Feigelson, David A. O’Neil, Jim Pastore, and Jordan R. Friedland April 23, 2015 The New York State Department of Financial Services (“DFS”) recently announced a major expansion of its cybersecurity efforts: DFS will require insurers to respond to a special “comprehensive risk assessment” on cybersecurity, with those assessments to be followed by an enhanced focus on cybersecurity as part of DFS’s regular examinations of insurers. DFS’s announcement expands to insurance the increasingly rigorous approach it has recently applied to banks in the area of cybersecurity. More importantly, it offers critical guidance to all industries about what regulators will consider adequate precautions and preparation in this area. The DFS Letter The DFS action took the form of a so-called “308 letter” from Benjamin Lawsky, the DFS Superintendent, to CEOs, general counsels and CIOs of insurers. Section 308 of the New York Insurance Law gives DFS broad information-gathering powers. This 308 letter spells out the details of the one-time comprehensive risk assessment in the form of a detailed written questionnaire that must be answered by April 27. Insurers will have to answer questions about a broad range of cybersecurity issues – many of which mirror those that DFS required banks to answer in December 2014 – including: - Corporate governance of cybersecurity, including the curriculum vitae and job description of the Chief Information Security Officer or other senior person responsible for cybersecurity; - Policies and procedures designed to further the goals of confidentiality, integrity and availability of data, including the integration of data classification (a/k/a the sorting of data according to its sensitivity and risk level) into such policies and procedures; - Various highly specific security topics, such as the use of multi-factor authentication, patch management, penetration testing and vendor management. (N.B.: It is a matter of public record that criminals’ abuse of credentials issued to third-party vendors has been implicated in a number of recent, high-profile hacks.); - Steps taken to adhere to the Framework for Improving Critical Infrastructure Cybersecurity issued by the National Institute of Standards and Technology (“NIST”) on February 12, 2014 concerning third-party stakeholders; - Policies and procedures governing relationships with third-party service providers that address information security risks; - Protections used to safeguard sensitive data that is sent to, received from or accessible to third-party service providers, such as encryption or multi-factor authentication; - Protections against loss or damage incurred as a result of an information security failure by a third-party service provider; - Incident detection and response processes, including real-time monitoring and the institution’s written incident response plan; Call 1-800-543-0874 | Email customerservice@SummitProNets.com | www.fcandslegal.com
  • 2. - Cyber insurance coverage; and - Periodic reevaluation of policies and procedures in light of changing risks. In the 308 letter, DFS notes its expectation that companies will make efforts to obtain any information necessary to respond to the questionnaire from parent or affiliate companies, and imposes upon parent companies the obligation to obtain such information from subsidiaries. Implications for Insurers and Other Companies DFS has not promulgated specific cybersecurity standards, but it is strongly suggesting what it considers best practices by the questions it asks. We have previously called that “regulation by implication” – the questions themselves imply answers that the agency is likely to prefer. Strong substantive answers on the enumerated topics, clearly presented, can be expected to generate clean examination reports. Answers that DFS considers highly unsatisfactory, in contrast, could prompt DFS to pursue civil enforcement measures. Take multi-factor authentication as an example. For the uninitiated, this is the practice of requiring more than a single username/password combination to access a computer system – for instance, use of a one-time code received via a token or text message in addition to a password is a common form of multi-factor authentication. No state or federal law expressly dictates the use of multi-factor authentication, but by asking companies to describe their practices in this area, DFS is clearly signaling that, going forward, it hopes to see companies adopt policies and procedures favoring multi-factor authentication. That is consistent with Superintendent Lawsky’s comments, in a February 25 speech, that DFS was considering promulgating regulations mandating the use of multi-factor authentication because, according to Superintendent Lawsky, single-factor authentication “should have been dead and buried many years ago,” and “it is time that we bury it now.” Another example is the new requirement (not previously applied by DFS to banks) for institutions to describe steps they have taken to adhere to the Cybersecurity Framework promulgated by NIST. The NIST Framework does not have the force of law, though DFS’s reliance on it is yet another indication that the standard is increasingly seen as the emerging gold standard of cybersecurity benchmarks. Simply by asking about the NIST Framework, DFS nudges it toward preferred legal status. That being said, nothing in DFS’s guidance suggests that alternative benchmarking tools like ISO or SANS are inadequate or flawed. This approach of regulation-by-inquiry is reflected throughout the DFS guidance: Simply by asking pointed questions – about vendor management, patch management, the use of written incident response plans and so on – DFS is dropping strong hints as to what it will consider “right” answers in the context of the examinations it will conduct in 2015. Conclusion Although the most recent DFS guidance specifically applies only to the insurers it regulates, management and boards throughout corporate America would do well to study both this guidance and the guidance issued to banks in December 2014. Companies that suffer cybersecurity incidents increasingly are facing pressure to defend themselves – whether in private litigation or in regulatory enforcement actions. Companies in all industries thus may find the DFS “308 letter” a useful checklist for assessing their own cybersecurity posture. About The Authors Eric R. Dinallo and Jeremy Feigelson are partners, and Jim Pastore is counsel in the New York office of Debevoise Plimpton LLP. David A. O’Neil is partner and Jordan R. Friedland is an associate in the Washington, D.C., office. The authors may be contacted at edinallo@debevoise.com, jfeigels@debevoise.com, jjpastor@debevoise.com, daoneil@debevoise.com, and jrfriedl@debevoise.com, respectively. Call 1-800-543-0874 | Email customerservice@SummitProNets.com | www.fcandslegal.com
  • 3. Call 1-800-543-0874 | Email customerservice@SummitProNets.com | www.fcandslegal.com Copyright © 2015 The National Underwriter Company. All Rights Reserved. NOTE: The content posted to this account from FCS Legal: The Insurance Coverage Law Information Center is current to the date of its initial publication. There may have been further developments of the issues discussed since the original publication. This publication is designed to provide accurate and authoritative information in regard to the subject matter covered. It is sold with the understanding that the publisher is not engaged in rendering legal, accounting or other professional service. If legal advice is required, the services of a competent professional person should be sought. For more information, or to begin your free trial: • Call: 1-800-543-0874 • Email: customerservice@SummitProNets.com • Online: www.fcandslegal.com FCS Legal guarantees you instant access to the most authoritative and comprehensive insurance coverage law information available today. This powerful, up-to-the-minute online resource enables you to stay apprised of the latest developments through your desktop, laptop, tablet, or smart phone —whenever and wherever you need it.