In March, the New York Department of Financial Services (NYDFS) became the first financial regulator in the US to implement a cybersecurity regulation to protect its businesses from cyber crime and poor information security practices.
The Cybersecurity Requirements apply to almost all companies that fall under the authority of the NYDFS, not least the insurance industry. This does not just include banking and finance insurers, but also – for example – health insurers, life insurance companies, and property and casualty insurance companies.
Examining insurance regulations
According to credit ratings and research firm Fitch Ratings, the NYDFS’s Cybersecurity Requirements are part of a new regulatory climate that could play a part in reinforcing the rapid growth in cyber insurance. However, Fitch also warned that the Regulation “could raise compliance risks for financial institutions and, in turn, premiums and loss potential” for directors and liability insurance underwriters.
On the other hand, Therese M. Goldsmith, a partner at Hogan Lovells and a former insurance commissioner for the state of Maryland, told Insurance Business that despite a “fair amount of activity at the federal level in the US,” she believes it’s unlikely that state-level regulation will fundamentally change the insurance industry.
The activity she refers to includes, as well as the Cybersecurity Requirements, two policies proposed by President Trump. In February, he signed an executive order aimed at scaling back parts of the Dodd-Frank Act, which placed the regulation of the financial industry in the hands of the government. Mr. Trump is also attempting to delay – and potentially scrap – the fiduciary rule, which proposes to force brokers to act in customers’ best interest when giving retirement advice.
More information on the Cybersecurity Requirements
If you want to learn more about the Cybersecurity Requirements, IT Governance provides training courses and a free webinar series.
The New York DFS Cybersecurity & ISO27001 Certified ISMS Foundation Online course shows you how the international standard ISO 27001 aligns with the NYDFS’s requirements.
A more in-depth course, New York Cybersecurity & ISO27001 Certified ISMS Lead Implementer Online, explains how you can lead an ISO 27001 project to help your organization fully comply with the Regulation.
Both courses end with an online examination. If you pass, you will be awarded the ISO 27001 Certified ISMS Foundation qualification or the ISO 27001 Certified ISMS Lead Implementer qualification, respectively.
Meanwhile, our next webinar, NY State’s Department of Financial Services cybersecurity regulation: How to meet requirements within deadlines, will be delivered on May 25, 2017, from 1:15 pm (ET)/10:15 am (PT).
If you can’t make the webinar, it will be available to download shortly after it finishes.
In the coming months, we’ll also be presenting webinars on:
- NY State’s cybersecurity requirements for risk management, security of applications, & the appointed CISO
- Addressing penetration testing and vulnerabilities, and adding verification measures
- Data privacy, security measures, and managing third-party service providers to meet compliance requirements