Ask Tim; Cyber

Reminder: What You Need To Do For the Cybersecurity Regulation

​We are knee-deep in 2023. This is the time of year when Big I NY gets a lot of questions from members about what they have to do to comply with the Cybersecurity Requirements For Financial Services Companies regulation. Though the New York State Department of Financial Services (DFS) has proposed a number of changes to that regulation, none of them are in effect yet. Therefore, your obligations are the same this year as they were last year. Here are answers to the questions we get most frequently:The agency must complete and submit the online Certification of Compliance to the DFS between now and April…

Continue ReadingReminder: What You Need To Do For the Cybersecurity Regulation

An Expert Answers Your Questions About Cybersecurity

​PropertyCasualty360.com has a post up on its site today that features a question-and-answer session with Troy Stairwalt, chief information security officer of Westfield Insurance. I encourage you to read the entire article, but here are some excerpts I want to emphasize:"Here are three common ways an agency is most likely to be caught in a cyberattack:RansomwareSupply chain managementThird-party vendorsAll three represent real cyberthreats to agencies for several reasons including:Increase in cyberthreat activity;Increasing regulatory requirements and repercussions; ...New requirements simply to be eligible to apply for cyber insurance coverage. ...Industry, state and federal regulations have been — and will become — increasingly onerous in response to…

Continue ReadingAn Expert Answers Your Questions About Cybersecurity

Lessons From Recent DFS Cybersecurity Enforcement Actions

​Today is April 15, the date by which all entities regulated by the New York State Department of Financial Services must submit a statement to the department, certifying that they complied with the state's financial services cybersecurity requirements regulation​ last year. It is therefore fitting that I'm writing about two enforcement actions the department recently announced. They give some clues as to the approach the department is taking toward enforcing the regulation.Neither action involved an insurance agency or brokerage:Two very different organizations with millions of dollars in assets. Their day-to-day operations are far removed from those of the typical Big I New York member who has…

Continue ReadingLessons From Recent DFS Cybersecurity Enforcement Actions