An Expert Answers Your Questions About Cybersecurity

PropertyCasualty360.com has a post up on its site today that features a question-and-answer session with Troy Stairwalt, chief information security officer of Westfield Insurance. I encourage you to read the entire article, but here are some excerpts I want to emphasize:

"Here are three common ways an agency is most likely to be caught in a cyberattack:

- Ransomware
- Supply chain management
- Third-party vendors

All three represent real cyberthreats to agencies for several reasons including:

- Increase in cyberthreat activity;
- Increasing regulatory requirements and repercussions; ...
- New requirements simply to be eligible to apply for cyber insurance coverage. ...

Industry, state and federal regulations have been — and will become — increasingly onerous in response to…


Lessons From Recent DFS Cybersecurity Enforcement Actions

Today is April 15, the date by which all entities regulated by the New York State Department of Financial Services must submit a statement to the department, certifying that they complied with the state's financial services cybersecurity requirements regulation last year. It is therefore fitting that I'm writing about two enforcement actions the department recently announced. They give some clues as to the approach the department is taking toward enforcing the regulation.

Neither action involved an insurance agency or brokerage:

Two very different organizations with millions of dollars in assets. Their day-to-day operations are far removed from those of the typical Big I New York member who has…


Here’s What To Do If the DFS Emailed You About Cybersecurity

A lot of members have been contacting us today about emails they received from the NYS Department of Financial Services about the Cybersecurity Requirements for Financial Services Companies regulation. These emails stated that the recipient had not filed the Certification of Compliance required by the regulation. The deadline for submitting the certification was June 1, 2020. If individuals within your agency got these emails, here are some possible explanations and steps you can take:

- If it appears that the email was addressed to you as an individual, it is very possible that you inadvertently checked incorrect boxes when you filed the Notice of Exemption for your individual license…
