NYS DFS Offers New Cyber Program Template

The New York State Department of Financial Services (DFS) this week unveiled a new model Cybersecurity Program Template for use by small businesses, including insurance agencies. All independent insurance agencies should consider using this template as the model for their cybersecurity programs. New York's financial services cybersecurity regulation requires all agencies to implement cybersecurity programs. In a guidance letter dated May 13, 2024, the department stated that the model "prompts licensees to carefully consider and address the core concepts of a cybersecurity program in order to help create a program that complies with the requirements of the Cybersecurity Regulation." It also includes frameworks for developing and…


The Cybersecurity Certification of Compliance Has Changed

Entities that the New York State Department of Financial Services (DFS) regulates will soon complete the compliance filings that the financial services cybersecurity regulation requires. This year they will notice a change. The DFS regulates entities in the banking, financial services, and insurance sectors. These entities must submit a statement by April 15 each year about the state of their compliance with the regulation's requirements. Before this year, they had to submit a statement that they were complying with them during the prior calendar year. An amendment to the regulation that took effect last November 1 expanded that requirement. Entities will have to complete and submit…


Limited Exempt Agencies: Here Are the Sections of the Cyber Reg You Must Comply With

With the New York State Department of Financial Services' (DFS) recent adoption of the second amendment to the Cybersecurity Requirements For Financial Services Companies regulation, members have naturally been contacting us to ask what they're required to do. The overwhelming majority of Big I NY members qualify for the limited exemption. If your agency is one of them, here are the sections of the regulation you must comply with regardless of your agency's size:

Section 500.2, Cybersecurity Program - you must have a program in place to protect your computer network and any nonpublic information (NPI) stored on it. The program is made up of the devices…
