Toll Free (844)733-2332

  • Request a Quote

New York Cyber Rules May Become Model for Other States

In recent statements by New York’s financial regulator, a group of U.S. state insurance regulators have been advised to use the state’s groundbreaking cyber security rules as a model for how financial institutions and insurers should protect their networks from hackers and disclose cyber events. The superintendent of the New York State Department of Financial Services called the regulation “a road map with rules of the road,” which can provide a uniform cyber security law that all states can choose to adopt for use by financial institutions and insurers to focus on cyber security threats. New York’s cyber security rules took effect on March 1, following a series of data breaches that resulted in losses of hundreds of millions of dollars to U.S. companies that included Home Depot Inc., Target Corp. and Anthem Inc. The new rules describe steps that covered entities must comply with in order to protect their customer data and networks from cyber criminals. One such rule calls for firms to scrutinize the security of third-party vendors that provide them with goods and services. They must also perform risk assessments in order to design cyber security programs particular to their specific needs. All covered entities are required to certify compliance annually. A proposed model cyber security law that all states can choose to adopt for financial institutions and insurers could lead to more uniformity among states. But they first must be finalized and approved by a task force of state insurance commissioners before being considered by state lawmakers. However, since the task force’s inception in 2015, insurance commissioners haven’t been able to agree upon several points of the law. A fourth draft is expected by May 9.

Leave a Reply

Your email address will not be published. Required fields are marked *