New York Proposes Cybersecurity Regulation for Insurance Companies, Banks, Financial Institutions
New York State has proposed a new regulation that requires insurance companies, banks, and other financial services institutions regulated by the New York State Department of Financial Services (DFS) to establish and maintain a cybersecurity program designed to protect consumers and ensure the safety and soundness of New York State’s financial services industry, reports Jason O. Balogh, a partner with Hickey Smith LLP.
If enacted, this change would bring the first statewide regulation mandating that insurance companies, banks, and other financial institutions create such a program. The regulation would set forth fairly general minimum standards, Balogh explains in the article published on the firm’s website.
“Among other requirements, under the proposed regulation, insurance companies, banks, and other financial institutions would be required to set out detailed plans for handling data breaches, increase their monitoring of how third-party vendors handle and secure data, and appoint a chief information security officer. While many insurance companies, banks, and other financial institutions will find that elements of the proposed regulation are similar to those found in existing regulatory and technical guidance, they have not previously been required as a matter of law,” Balogh writes.