Ask Tim; Cyber

REMINDER: Cyber Reg Certification Due This Weekend

​The deadline for submitting the annual certification of compliance with New York's cybersecurity regulation for financial services companies is this Saturday, April 15. If you haven't submitted the certification for your agency yet, you must do so by the end of the day Saturday.The certification is one of the requirements in the New York State Department of Financial Services (DFS) regulation Cybersecurity Requirements For Financial Services Companies, which is Part 500 of Title 23 of the New York Codes, Rules and Regulations (23 NYCRR 500.) Subsection (b) of Section 500.17 states:"Annually each covered entity shall submit to the superintendent a written statement covering the prior…

Continue ReadingREMINDER: Cyber Reg Certification Due This Weekend

Reminder: What You Need To Do For the Cybersecurity Regulation

​We are knee-deep in 2023. This is the time of year when Big I NY gets a lot of questions from members about what they have to do to comply with the Cybersecurity Requirements For Financial Services Companies regulation. Though the New York State Department of Financial Services (DFS) has proposed a number of changes to that regulation, none of them are in effect yet. Therefore, your obligations are the same this year as they were last year. Here are answers to the questions we get most frequently:The agency must complete and submit the online Certification of Compliance to the DFS between now and April…

Continue ReadingReminder: What You Need To Do For the Cybersecurity Regulation

An Expert Answers Your Questions About Cybersecurity

​PropertyCasualty360.com has a post up on its site today that features a question-and-answer session with Troy Stairwalt, chief information security officer of Westfield Insurance. I encourage you to read the entire article, but here are some excerpts I want to emphasize:"Here are three common ways an agency is most likely to be caught in a cyberattack:RansomwareSupply chain managementThird-party vendorsAll three represent real cyberthreats to agencies for several reasons including:Increase in cyberthreat activity;Increasing regulatory requirements and repercussions; ...New requirements simply to be eligible to apply for cyber insurance coverage. ...Industry, state and federal regulations have been — and will become — increasingly onerous in response to…

Continue ReadingAn Expert Answers Your Questions About Cybersecurity