The Insurance Coverage Law Information Center
The following article is from National Underwriter’s latest online resource,
FC&S Legal: The Insurance Coverage Law Information Center.
NEW YORK STATE DEPARTMENT OF FINANCIAL SERVICES
EXPANDS ITS CYBER FOCUS TO INSURERS
Eric R. Dinallo, Jeremy Feigelson, David A. O’Neil, Jim Pastore, and Jordan R. Friedland
April 23, 2015
The New York State Department of Financial Services (“DFS”) recently announced a major expansion of its cybersecurity
efforts: DFS will require insurers to respond to a special “comprehensive risk assessment” on cybersecurity, with those
assessments to be followed by an enhanced focus on cybersecurity as part of DFS’s regular examinations of insurers.
DFS’s announcement expands to insurance the increasingly rigorous approach it has recently applied to banks in the
area of cybersecurity. More importantly, it offers critical guidance to all industries about what regulators will consider
adequate precautions and preparation in this area.
The DFS Letter
The DFS action took the form of a so-called “308 letter” from Benjamin Lawsky, the DFS Superintendent, to CEOs,
general counsels and CIOs of insurers. Section 308 of the New York Insurance Law gives DFS broad information-gathering
powers. This 308 letter spells out the details of the one-time comprehensive risk assessment in the form of a detailed
written questionnaire that must be answered by April 27. Insurers will have to answer questions about a broad range of
cybersecurity issues – many of which mirror those that DFS required banks to answer in December 2014 – including:
- Corporate governance of cybersecurity, including the curriculum vitae and job description of the Chief
Information Security Officer or other senior person responsible for cybersecurity;
- Policies and procedures designed to further the goals of confidentiality, integrity and availability of data, including
the integration of data classification (a/k/a the sorting of data according to its sensitivity and risk level) into such
policies and procedures;
- Various highly specific security topics, such as the use of multi-factor authentication, patch management,
penetration testing and vendor management. (N.B.: It is a matter of public record that criminals’ abuse of
credentials issued to third-party vendors has been implicated in a number of recent, high-profile hacks.);
- Steps taken to adhere to the Framework for Improving Critical Infrastructure Cybersecurity issued by the National
Institute of Standards and Technology (“NIST”) on February 12, 2014 concerning third-party stakeholders;
- Policies and procedures governing relationships with third-party service providers that address information
security risks;
- Protections used to safeguard sensitive data that is sent to, received from or accessible to third-party service
providers, such as encryption or multi-factor authentication;
- Protections against loss or damage incurred as a result of an information security failure by a third-party service
provider;
- Incident detection and response processes, including real-time monitoring and the institution’s written incident
response plan;
- Cyber insurance coverage; and
- Periodic reevaluation of policies and procedures in light of changing risks.
In the 308 letter, DFS notes its expectation that companies will make efforts to obtain any information necessary to
respond to the questionnaire from parent or affiliate companies, and imposes upon parent companies the obligation to
obtain such information from subsidiaries.
Implications for Insurers and Other Companies
DFS has not promulgated specific cybersecurity standards, but it is strongly suggesting what it considers best practices
by the questions it asks. We have previously called that “regulation by implication” – the questions themselves imply
answers that the agency is likely to prefer. Strong substantive answers on the enumerated topics, clearly presented, can
be expected to generate clean examination reports. Answers that DFS considers highly unsatisfactory, in contrast, could
prompt DFS to pursue civil enforcement measures.
Take multi-factor authentication as an example. For the uninitiated, this is the practice of requiring more than a single
username/password combination to access a computer system – for instance, use of a one-time code received via a
token or text message in addition to a password is a common form of multi-factor authentication. No state or federal
law expressly dictates the use of multi-factor authentication, but by asking companies to describe their practices in this
area, DFS is clearly signaling that, going forward, it hopes to see companies adopt policies and procedures favoring
multi-factor authentication. That is consistent with Superintendent Lawsky’s comments, in a February 25 speech, that DFS
was considering promulgating regulations mandating the use of multi-factor authentication because, according to
Superintendent Lawsky, single-factor authentication “should have been dead and buried many years ago,” and “it is
time that we bury it now.”
Another example is the new requirement (not previously applied by DFS to banks) for institutions to describe steps they
have taken to adhere to the Cybersecurity Framework promulgated by NIST. The NIST Framework does not have the
force of law, though DFS’s reliance on it is yet another indication that the standard is increasingly seen as the emerging
gold standard of cybersecurity benchmarks. Simply by asking about the NIST Framework, DFS nudges it toward preferred
legal status. That being said, nothing in DFS’s guidance suggests that alternative benchmarking tools like ISO or SANS
are inadequate or flawed.
This approach of regulation-by-inquiry is reflected throughout the DFS guidance: Simply by asking pointed questions –
about vendor management, patch management, the use of written incident response plans and so on – DFS is dropping
strong hints as to what it will consider “right” answers in the context of the examinations it will conduct in 2015.
Conclusion
Although the most recent DFS guidance specifically applies only to the insurers it regulates, management and boards
throughout corporate America would do well to study both this guidance and the guidance issued to banks in December
2014. Companies that suffer cybersecurity incidents increasingly are facing pressure to defend themselves – whether in
private litigation or in regulatory enforcement actions. Companies in all industries thus may find the DFS “308 letter” a
useful checklist for assessing their own cybersecurity posture.
About The Authors
Eric R. Dinallo and Jeremy Feigelson are partners, and Jim Pastore is counsel in the New York office of Debevoise &
Plimpton LLP. David A. O’Neil is partner and Jordan R. Friedland is an associate in the Washington, D.C., office.
The authors may be contacted at edinallo@debevoise.com, jfeigels@debevoise.com, jjpastor@debevoise.com,
daoneil@debevoise.com, and jrfriedl@debevoise.com, respectively.
Call 1-800-543-0874 | Email customerservice@SummitProNets.com | www.fcandslegal.com
Copyright © 2015 The National Underwriter Company. All Rights Reserved.
NOTE: The content posted to this account from FC&S Legal: The Insurance Coverage Law Information Center is current to the date of its initial
publication. There may have been further developments of the issues discussed since the original publication.
This publication is designed to provide accurate and authoritative information in regard to the subject matter covered. It is sold with the understanding
that the publisher is not engaged in rendering legal, accounting or other professional service. If legal advice is required, the services of a competent
professional person should be sought.

N.J. Trial Court Applies "Named Storm" Deductible in Superstorm Sandy CaseNationalUnderwriter
 
Clarifying Bad Faith Jurisprudence in Virginia, Federal Court Recognizes Bad-...
Clarifying Bad Faith Jurisprudence in Virginia, Federal Court Recognizes Bad-...Clarifying Bad Faith Jurisprudence in Virginia, Federal Court Recognizes Bad-...
Clarifying Bad Faith Jurisprudence in Virginia, Federal Court Recognizes Bad-...NationalUnderwriter
 
Wisconsin Supreme Court: Pollution Exclusion Bars Coverage for Well Contamin...
Wisconsin Supreme Court:  Pollution Exclusion Bars Coverage for Well Contamin...Wisconsin Supreme Court:  Pollution Exclusion Bars Coverage for Well Contamin...
Wisconsin Supreme Court: Pollution Exclusion Bars Coverage for Well Contamin...NationalUnderwriter
 
New York High Court Finds Lead Exposure Injuries to Children of Different Fam...
New York High Court Finds Lead Exposure Injuries to Children of Different Fam...New York High Court Finds Lead Exposure Injuries to Children of Different Fam...
New York High Court Finds Lead Exposure Injuries to Children of Different Fam...NationalUnderwriter
 
February14 IRS Valentine’s Day Words of Wisdom by Jay Katz
February14 IRS Valentine’s Day Words of Wisdom by Jay KatzFebruary14 IRS Valentine’s Day Words of Wisdom by Jay Katz
February14 IRS Valentine’s Day Words of Wisdom by Jay KatzNationalUnderwriter
 
Discharge of Debt Income (from The Tools & Techniques of Income Tax Planning)
Discharge of Debt Income (from The Tools & Techniques of Income Tax Planning)Discharge of Debt Income (from The Tools & Techniques of Income Tax Planning)
Discharge of Debt Income (from The Tools & Techniques of Income Tax Planning)NationalUnderwriter
 

New York State Department of Financial Services Expands Its Cyber Focus to Insurers

The Insurance Coverage Law Information Center
The following article is from National Underwriter’s latest online resource, FC&S Legal: The Insurance Coverage Law Information Center.

NEW YORK STATE DEPARTMENT OF FINANCIAL SERVICES EXPANDS ITS CYBER FOCUS TO INSURERS
Eric R. Dinallo, Jeremy Feigelson, David A. O’Neil, Jim Pastore, and Jordan R. Friedland
April 23, 2015

The New York State Department of Financial Services (“DFS”) recently announced a major expansion of its cybersecurity efforts: DFS will require insurers to respond to a special “comprehensive risk assessment” on cybersecurity, with those assessments to be followed by an enhanced focus on cybersecurity as part of DFS’s regular examinations of insurers.

DFS’s announcement expands to insurance the increasingly rigorous approach it has recently applied to banks in the area of cybersecurity. More importantly, it offers critical guidance to all industries about what regulators will consider adequate precautions and preparation in this area.

The DFS Letter

The DFS action took the form of a so-called “308 letter” from Benjamin Lawsky, the DFS Superintendent, to CEOs, general counsels and CIOs of insurers. Section 308 of the New York Insurance Law gives DFS broad information-gathering powers. This 308 letter spells out the details of the one-time comprehensive risk assessment in the form of a detailed written questionnaire that must be answered by April 27.

Insurers will have to answer questions about a broad range of cybersecurity issues – many of which mirror those that DFS required banks to answer in December 2014 – including:

- Corporate governance of cybersecurity, including the curriculum vitae and job description of the Chief Information Security Officer or other senior person responsible for cybersecurity;
- Policies and procedures designed to further the goals of confidentiality, integrity and availability of data, including the integration of data classification (a/k/a the sorting of data according to its sensitivity and risk level) into such policies and procedures;
- Various highly specific security topics, such as the use of multi-factor authentication, patch management, penetration testing and vendor management. (N.B.: It is a matter of public record that criminals’ abuse of credentials issued to third-party vendors has been implicated in a number of recent, high-profile hacks.);
- Steps taken to adhere to the Framework for Improving Critical Infrastructure Cybersecurity issued by the National Institute of Standards and Technology (“NIST”) on February 12, 2014 concerning third-party stakeholders;
- Policies and procedures governing relationships with third-party service providers that address information security risks;
- Protections used to safeguard sensitive data that is sent to, received from or accessible to third-party service providers, such as encryption or multi-factor authentication;
- Protections against loss or damage incurred as a result of an information security failure by a third-party service provider;
- Incident detection and response processes, including real-time monitoring and the institution’s written incident response plan;
- Cyber insurance coverage; and
- Periodic reevaluation of policies and procedures in light of changing risks.

In the 308 letter, DFS notes its expectation that companies will make efforts to obtain any information necessary to respond to the questionnaire from parent or affiliate companies, and imposes upon parent companies the obligation to obtain such information from subsidiaries.

Implications for Insurers and Other Companies

DFS has not promulgated specific cybersecurity standards, but it is strongly suggesting what it considers best practices by the questions it asks. We have previously called that “regulation by implication” – the questions themselves imply answers that the agency is likely to prefer. Strong substantive answers on the enumerated topics, clearly presented, can be expected to generate clean examination reports. Answers that DFS considers highly unsatisfactory, in contrast, could prompt DFS to pursue civil enforcement measures.

Take multi-factor authentication as an example. For the uninitiated, this is the practice of requiring more than a single username/password combination to access a computer system – for instance, use of a one-time code received via a token or text message in addition to a password is a common form of multi-factor authentication. No state or federal law expressly dictates the use of multi-factor authentication, but by asking companies to describe their practices in this area, DFS is clearly signaling that, going forward, it hopes to see companies adopt policies and procedures favoring multi-factor authentication. That is consistent with Superintendent Lawsky’s comments, in a February 25 speech, that DFS was considering promulgating regulations mandating the use of multi-factor authentication because, according to Superintendent Lawsky, single-factor authentication “should have been dead and buried many years ago,” and “it is time that we bury it now.”

Another example is the new requirement (not previously applied by DFS to banks) for institutions to describe steps they have taken to adhere to the Cybersecurity Framework promulgated by NIST. The NIST Framework does not have the force of law, though DFS’s reliance on it is yet another indication that the standard is increasingly seen as the emerging gold standard of cybersecurity benchmarks. Simply by asking about the NIST Framework, DFS nudges it toward preferred legal status. That being said, nothing in DFS’s guidance suggests that alternative benchmarking tools like ISO or SANS are inadequate or flawed.

This approach of regulation-by-inquiry is reflected throughout the DFS guidance: Simply by asking pointed questions – about vendor management, patch management, the use of written incident response plans and so on – DFS is dropping strong hints as to what it will consider “right” answers in the context of the examinations it will conduct in 2015.

Conclusion

Although the most recent DFS guidance specifically applies only to the insurers it regulates, management and boards throughout corporate America would do well to study both this guidance and the guidance issued to banks in December 2014. Companies that suffer cybersecurity incidents increasingly are facing pressure to defend themselves – whether in private litigation or in regulatory enforcement actions. Companies in all industries thus may find the DFS “308 letter” a useful checklist for assessing their own cybersecurity posture.

About The Authors

Eric R. Dinallo and Jeremy Feigelson are partners, and Jim Pastore is counsel in the New York office of Debevoise & Plimpton LLP. David A. O’Neil is partner and Jordan R. Friedland is an associate in the Washington, D.C., office. The authors may be contacted at edinallo@debevoise.com, jfeigels@debevoise.com, jjpastor@debevoise.com, daoneil@debevoise.com, and jrfriedl@debevoise.com, respectively.

Call 1-800-543-0874 | Email customerservice@SummitProNets.com | www.fcandslegal.com

Copyright © 2015 The National Underwriter Company. All Rights Reserved.

NOTE: The content posted to this account from FC&S Legal: The Insurance Coverage Law Information Center is current to the date of its initial publication. There may have been further developments of the issues discussed since the original publication.

This publication is designed to provide accurate and authoritative information in regard to the subject matter covered. It is sold with the understanding that the publisher is not engaged in rendering legal, accounting or other professional service. If legal advice is required, the services of a competent professional person should be sought.

For more information, or to begin your free trial:
- Call: 1-800-543-0874
- Email: customerservice@SummitProNets.com
- Online: www.fcandslegal.com

FC&S Legal guarantees you instant access to the most authoritative and comprehensive insurance coverage law information available today. This powerful, up-to-the-minute online resource enables you to stay apprised of the latest developments through your desktop, laptop, tablet, or smart phone — whenever and wherever you need it.