To embed, copy and paste the code into your website or blog:
This month, the Illinois Department of Insurance issued guidance to insurers recommending assessments in response to a Microsoft Exchange vulnerability, detailed in the guidance. In the Bulletin dated May 5, the Department encourages regulated entities to “assess the risk to their systems and consumers and take steps necessary to address vulnerabilities and customer impact.” The Bulletin states that such assessment should identify “any use of these products by critical third parties.”
The Illinois Bulletin follows similar guidance from the New York Department of Financial Services (NYDFS) regarding Microsoft Exchange and SolarWinds’ vulnerabilities:
On April 14, 2021, the NYDFS announced a settlement with National Securities Corporation, a licensed insurer, in connection with claims under the NYDFS Cybersecurity Regulation (23 NYCRR Part 500).
To embed, copy and paste the code into your website or blog:
The Cybersecurity Division of the New York State Department of Financial Services (DFS) continues to ramp up enforcement of the Cybersecurity Regulation. In two recent settlements, DFS has begun to offer insight into how it intends to enforce the Cybersecurity Regulation, 23 NYCRR Part 500. We previously covered the Cybersecurity Regulation here.
In both cases, DFS focused on failures by the regulated entities to report cyber breaches in a timely manner as required by the Cybersecurity Regulation. Both matters also involved breaches of company email systems and failure to adequately control access to systems containing sensitive personal customer data. As discussed below, these settlements highlight three core requirements of the Cybersecurity Regulation: timely reporting of breaches (23 NYCRR 500.17); implementation of a cybersecurity risk assessment (23 NYCRR 500.9); and implementation of adequate access controls, inclu
To embed, copy and paste the code into your website or blog:
The Excess Line Association of New York (“ELANY”) delivered its April 2021 issue of the “E&S Empire Express,” a publication designed to provide an overview of ELANY’s recent activities, including employment changes, regulatory efforts, upcoming events, and general guidance. Some of the highlights of the April issue are as follows:
Cybersecurity Regulation Compliance Change: ELANY has organized a coalition of seven New York producer trade groups to ask the New York Department of Financial Services to amend Cybersecurity Regulation (23 NYCRR 500) to provide an exemption from compliance for those New York licensed producers who do not actively engage in licensed activity. Specifically, the letter sent to the DFS asks that the FAQs to the regulation be amended to fully exempt from compliance any licensed producers who “do not act or aid in any manner in soliciting, negotiating or selling any insurance, health main
To embed, copy and paste the code into your website or blog:
On April 14, 2021, the New York Department of Financial Services (DFS) announced it settled an enforcement action against National Securities Corporation (“National Securities”) related to claims under the Cybersecurity Regulation, 23 NYCRR Part 500. The Consent Order imposes a $3 million penalty, various remediation measures and represents a flurry of cybersecurity activity by the regulator in the first quarter of 2021. Over the last two months DFS settled two enforcement actions and issued amended charges against First American, the first charges under the Cybersecurity Regulation, originally announced less than a year ago.
April 14, 2021, Settlement