Ask Tim; Cyber; Industry News

​A South Carolina based wholesale insurance brokerage reported last week that they had suffered an undescribed cybersecurity incident. It closed the wholesaler for a substantial part of the week.Some Big I New York members have asked whether the New York financial services cybersecurity regulation​ obligates them to notify the state Department of Financial Services (DFS) about this incident. If your agency does business with that wholesaler, you may have the same question.Based on the information we have received and what the wholesaler has said on its website, we do not believe New York agencies have an obligation under the regulation to report this incident to…

​In the five and a half years since the New York State Department of Financial Services implemented its Cybersecurity Requirements For Financial Services Companies​ regulation, I had yet to hear of an insurance producer being penalized for violations. Until this week. As is my habit, I checked the department's website first thing Monday morning and found a news release they had issued last Friday, June 24. The release announced a $5 million penalty against an insurance producer for violations of the regulation. I should mention that this wasn't any ordinary insurance producer. It was Carnival Cruise Line, the high-profile provider of ocean cruises whose annual revenue shrank to…