Ask Tim; Cyber

Deadline For New Cybersecurity Reg Requirments is Nov. 1

​We want to remind all Big I New York members of the upcoming deadline for complying with new cybersecurity requirements. The New York State Department of Financial Services (DFS) last November 1 amended its Cybersecurity Requirements for Financial Services Companies regulation. That amendment included several changes. Some of the changes took effect immediately. The deadlines for others were this past spring, with the deadlines for the rest next month and next year.Many of the regulation's 24 sections do not apply to businesses that qualify for the “limited exemption." A business qualifies for the limited exemption if any one of the following three things are true…

Continue ReadingDeadline For New Cybersecurity Reg Requirments is Nov. 1

NYS DFS Offers New Cyber Program Template

​The New York State Department of Financial Services (DFS) this week unveiled a new model Cybersecurity Program Template for use by small businesses including insurance agencies. All independent insurance agencies should consider using this template as the model for their cybersecurity programs. New York's financial services cybersecurity regulation requires all agencies to implement cybersecurity programs. In a guidance letter dated May 13, 2024, the department stated that the model "prompts licensees to carefully consider and address the core concepts of a cybersecurity program in order to help create a program that complies with the requirements of the Cybersecurity Regulation." It also includes frameworks for developing and…

Continue ReadingNYS DFS Offers New Cyber Program Template

The Cybersecurity Certification of Compliance Has Changed

​Entities that the New York State Department of Financial Services (DFS) will soon complete the compliance filings that the financial services cybersecurity regulation requires. This year they will notice a change. The DFS regulates entities in the banking, financial services, and insurance sectors. These entities must submit a statement by April 15 each year about the state of their compliance with the regulation's requirements. Before this year, they had to submit a statement that they were complying with them during the prior calendar year. An amendment to the regulation that took effect last November 1 expanded that requirement. Entities will have to complete and submit…

Continue ReadingThe Cybersecurity Certification of Compliance Has Changed