Insurers Grappling With NY Cybersecurity Regs; More States To Follow - InsuranceNewsNet

Get access to exclusive stories you won’t find anywhere else. Get Access

InsuranceNewsNet

Sign in
  • Subscribe
  • About
  • Advertise
  • Contact
Home Now reading INN Exclusives
Topics
  • Life Insurance
  • Annuity News
  • Health/Employee Benefits
  • Property & Casualty
  • Advisor News
  • Washington Wire
  • Sponsored Content
  • INN Exclusives
  • Newswires
  • INNsider
  • INN Exclusives
  • NewsWires
  • Magazine
Sign in or register to be an INNsider.
  • INN Exclusives
  • NewsWires
  • ★ Regulation News
  • Magazine
  • About
  • Advertise
  • Editorial Staff
  • Contact
  • Susbcribe

Get Social

  • Facebook
  • Twitter
  • LinkedIn
  • Google+
Insider
INN Exclusives
INN Exclusives RSS Get our newsletter
Order Prints Share
September 6, 2018 INN Exclusives No comments Views: 98

Insurers Grappling With NY Cybersecurity Regs; More States To Follow

By John Hilton InsuranceNewsNet

Cybersecurity is back in the news as banks, insurers and other financial entities faced another tough compliance hurdle in New York.

The Sept. 4 deadline brought another host of requirements contained within New York's tough cybersecurity initiative approved last year. The New York Department of Financial Services passed its own rules without waiting for state insurance commissioners, who later amended its model law to resemble the New York effort.

“New York stepped into the void and took decisive action to ensure appropriate minimum standards protecting financial institutions’ data systems, including consumers’ sensitive personal information," said Maria T. Vullo, superintendent of the DFS. "These new protections, which include encryption, access controls and audit trails, add crucial tools to the regulation’s prior requirements in protecting the institutions and consumers.”

The deadline requires companies to have started mandatory annual reporting to the board by its Chief Information Security Officer on critical aspects of the cybersecurity program, and have an audit trail designed to reconstruct material financial transactions.

Also, companies must implement encryption to protect nonpublic information held or transmitted by the company. There are other requirements as well.

"There are penalties that could apply if you have not taken some of the measures that are defined in this regulation," said Patrick Knight, senior director of cyber strategy and technology for Veriato. "For example, if there is a breach, it’s specified that once a breach is identified you have a 72-hour window to start notifying those affected by it. Well, 72 hours can go by very quickly if you don’t know what you’re doing."

Spreading To Other States

New York might have gone first, but it will not be the last state to tackle cybersecurity regulations. As of May, there were at least 36 other states, including the District of Columbia and Puerto Rico, working on some type of regulation for cybersecurity in financial services, said Ari Vared, senior director of product at CyberPolicy and CoverHound.

"Overall, I think there’s a movement," he added. "Where it stands today is a moving target. Obviously, New York has put the strongest stake in the ground and is leading the way in a lot of ways."

New York found a way to limit the impact on smaller companies through exemptions.

Retail financial advisors with fewer than 1,000 customers, less than $5 million in gross annual revenue and less than $10 million in year-end assets benefit from a “limited exemption,” according to the NYDFS regulations.

But there are no exemptions for third parties doing business as affiliated service providers with banks, insurance companies and distributors.

"The larger organizations have the resources and the money to absorb this and it won’t be a big impact," said Jamie Pickles, general manager of insurance for Jornaya, a marketing and technology consulting company. "Smaller organizations are mostly exempt, so it will be the mid-sized companies that will be impacted the most."

New York regulators say the far-reaching proposal is necessary to protect the public interest. Recent data breaches point to network threats from abroad that are able to penetrate as deep as the U.S. election process.

Not Just Hackers

The cybersecurity regulations cover not just outside hackers. Companies are required to provide oversight of anyone who has access to their data.

"Organizations that are collecting data and have data on people stored in databases, they need to have monitoring of the people who have access to that information to make sure they’re handling it properly," Knight said.

"To make sure that they’re not downloading all of the contents of that database and taking it to a competitor. Or to post it on the dark web. This is the world we live in now."

The New York cybersecurity rules will take full effect in March 2019.

InsuranceNewsNet Senior Editor John Hilton has covered business and other beats in more than 20 years of daily journalism. John may be reached at [email protected]

© Entire contents copyright 2018 by InsuranceNewsNet.com Inc. All rights reserved. No part of this article may be reprinted without the expressed written consent from InsuranceNewsNet.com.

 

 

 

Older

Ohio National To Lay Off 300, Drop Annuity Lines

Newer

Competitors In Line To Profit From Ohio National Dropping Annuities

Advisor News

  • Buttigieg Retirement Plan ‘Impressive,’ But How Will He Pay For It?
  • Americans Say They’ll Be Better Off Financially In 2020: Fidelity Survey
  • Vanguard: Expect 2020 U.S. Economic Growth To Tail Off
  • Rep. Waters: House Passes Financial Services Bill Banning Insider Trading
  • LPL Financial Launches No-Transaction-Fee, Exchange-Traded Fund Network
More Advisor News

Annuity News

  • Wink Unveils Beefed Up AnnuitySpecs Tool
  • Plaintiffs Abandon Lawsuit Targeting Security Benefit Proprietary Index
  • NAIC Regulators Move Annuity Sales Model Forward
  • Robert Kerzner Joins PHP Agency’s Board Of Directors
  • Patriot Life Insurance Co. Boosts Life & Annuities Underwriting Capabilities
More Annuity News

Health/Employee Benefits

  • Buttigieg Retirement Plan ‘Impressive,’ But How Will He Pay For It?
  • Supreme Court To Hear Case Seeking $12B In ACA Payments
  • McKesson Unveils Insight Into 2020 Hospital Pharmacy Trends
  • Study: Workers Who Go On Disability Leave Are At Risk For Retirement Readiness
  • Column: Medicaid Expansion Moves Virginia Forward
More Health/Employee Benefits

Life Insurance

  • Nationwide Named Official Insurance Partner Of Minor League Baseball
  • Pacific Life Sells Aviation Capital Group To Tokyo Century Corp.
  • Robert Kerzner Joins PHP Agency’s Board Of Directors
  • Florida Man Convicted Of Murdering Wife For Life Insurance
  • LIMRA: 3Q Life Insurance Sales Driven By 7% Bump In IUL
More Life Insurance

Featured Offers

Text Ads

Press ReleasesAll press releases

  • Life Health Insurance, Investment and Retirement Planning Powerhouse AmeriLife® Expands its Platform of Advanced Life Insurance Services with Acquisition of Agent Support Group
  • Brookstone Capital Management Expands Darryl Ronconi’s Role, Naming Him President and Chief Operating Officer
  • WoodmenLife Launches Unified Selling Experience for Agents with iPipeline
  • National Western Life Selects Equisoft to Accelerate its Growth Strategy
  • Peter M. Bakker Agency awarded first Insurance Agency Apprenticeship in the State of Connecticut
Add your Press Release >

Topics

  • Life Insurance
  • Annuity News
  • Health/Employee Benefits
  • Property and Casualty News
  • Advisor News
  • Washington Wire
  • Regulation

Top Sections

  • INN Exclusives
  • INN Insider

Our Company

  • About
  • Editorial Staff
  • Advertise
  • Contact

Sign up for our FREE e-Newsletter!

Get breaking news, exclusive stories, and money- making insights straight into your inbox.

select Newsletter Options
Facebook Linkedin Twitter Google+
© 2019 InsuranceNewsNet.com, Inc. All rights reserved.
  • Terms & Conditions
  • Privacy Policy
  • Sitemap
  • AdvisorNews

Sign in with your INNsider Account

Not registered? Become an INNsider.