NYDFS cybersecurity: Acquiring insurance

Over the past few months, we’ve discussed how the New York Department of Financial Services’ (NYDFS) Cybersecurity Requirements will affect a number of sectors, including the insurance industry. But now, over halfway through the Regulation’s 180-day transition period, the New York Business Journal (NYBJ) claims there’s another, more positive way in which the insurance industry will be affected. Namely, it will see a spike in business.

Insuring against cyber events

The NYBJ believes the Regulation’s focus on C-suite responsibility for cybersecurity is likely to effect the insurance coverage of covered entities:

[T]he new duties imposed on senior-level management and the CISO, in addition to record-keeping and other reporting requirements, increase the possibilities of the need to turn to insurance coverage in the event [of] a cybersecurity event.

The journal recommends that policyholders work with their insurance brokers, risk management teams, and cybersecurity teams to review existing policies to determine whether their current insurance program will respond to issues arising from the new requirements.

For some of these policies, such as directors and officers (D&O), which generally provide coverage for senior-level management in connection with regulatory reporting, “the team reviewing the insurance program should ensure that there are no gaps in coverage in relation to cyber issues.”

Similarly, when it comes to cyber coverage, the team will “want to check [their coverage] to ensure there are no gaps in relation to regulatory reporting issues.” They will also want to check that “any limits or sub-limit associated with items such as fines and penalties, investigation costs, legal costs, and settlements will be adequate in the face of the new regulations.”

With this in mind, the NYBJ advises any organisation regulated by the NYDFS to review its insurance program. You may well need to change your coverage.

NYDFS webinar series

If you want to learn more about the NYDFS’s Cybersecurity Requirements, you should register for IT Governance’s upcoming webinars on the topic.

Our next webinar, NY State’s cybersecurity requirements for risk management, security of applications, & the appointed CISO, will take place on June 28, 2017, from 1:15 pm (EDT)/10:15 am (PDT).

It will provide an overview of the CISO’s role and explain how to set up and maintain a risk management program that aligns with the Regulation.

If you can’t make the webinar, it will be available to download shortly after it finishes. From our website, you can also find past webinars in the series, which you can download or watch online. We’ve previously covered:

  • NY State’s Department of Financial Services cybersecurity regulation: How to meet requirements within deadlines
  • Addressing penetration testing and vulnerabilities, and adding verification measures
  • Data privacy, security measures, and managing third-party service providers

Find out more about our webinars >>