Advocacy; Cyber

Big I NY Submits Comments on Draft Cyber Regulation Amendments

​This week, Big I NY submitted commen​ts on the DFS' pre-proposed draft amendments to the Cyber Regulation. You can read more about the draft amendments in an earlier post here.​In our comments, we recommended changes to the amendments that would help alleviate new burdens on producers, while still ensuring non-public information (NPI) is protected.Some of the key points include:Expanding the revenue threshold of the limited exemption to correspond with the proposed higher thresholds for employee count and assets, and clarifying that only independent contractors with access to NPI be counted towards the employee count.Expanding the total exemption for inactive licensees to include brokers in addition…

Continue ReadingBig I NY Submits Comments on Draft Cyber Regulation Amendments

​ Draft Amendments to Cybersecurity Amendments Announced; Big I NY to Submit Comments

​What Happened:On July 29th, the NYSDFS released a pre-proposed draft of forthcoming amendments to 23 NYCRR 500, New York's sweeping cyber regulation. The DFS proposes a wide range of changes to the regulation, including but not limited to:Require covered entities to strictly limit the number of “privileged accounts", aka those able to perform security-relevant functionsMore specific requirements for entity risk assessments, required annually and when there is a material change to risk, as opposed to “periodically."Possibly requiring employees of covered entities to develop their own third-party service provider policies. We have requested clarification on this as it would have troubling implications for individual agents.Expand the…

Continue Reading​ Draft Amendments to Cybersecurity Amendments Announced; Big I NY to Submit Comments

DFS Updates Cyber Alert in Wake of Fraudulently-Issued Insurance Policies

​Responding to an alert from Big I New York, the New York State Department of Financial Services (DFS) yesterday updated its guidance​ to financial services companies about a recent wave of cyber fraud. If your agency has a website that enables visitors to obtain instant auto insurance quotes, you should take immediate steps to protect any non-public information collected.As we reported last month​, DFS warned of a "systemic and aggressive campaign to exploit cybersecurity flaws​ in websites that provide instant insurance quotes."  The department's letter provided specific actions companies, including agencies and brokerages, could take to reduce the risk of cyber crime.On March 9, two Big I New York…

Continue ReadingDFS Updates Cyber Alert in Wake of Fraudulently-Issued Insurance Policies