To embed, copy and paste the code into your website or blog:
On April 14, 2021, the New York Department of Financial Services (“DFS”) announced a cybersecurity settlement with insurance company National Securities Corporation, which suffered four separate breaches, two of which went unreported in violation of 23 NYCRR § 500.17(a). The settlement not only includes a monetary penalty but also mandates increased training and implementation of security tools, and underscores the urgency of addressing cybersecurity threats and DFS’s increasing enforcement activity for non-compliance with its cyber regulations.
The settlement, one of a few just beginning to be released after the 2017 implementation of the Cybersecurity Regulation, 23 NYRR § 500, provides insurers and other companies a window into how DFS interprets and enforces this regulation.
To print this article, all you need is to be registered or login on Mondaq.com.
On April 14, 2021, the New York Department of Financial Services
(DFS) announced it settled an enforcement action
against National Securities Corporation ( National
Securities ) related to claims under the Cybersecurity
Regulation, 23 NYCRR Part 500. The Consent Order imposes a $3 million penalty,
various remediation measures and represents a flurry of
cybersecurity activity by the regulator in the first quarter of
2021. Over the last two months DFS settled two enforcement actions
and issued amended charges against First American, the first charges under the Cybersecurity
Regulation, originally announced less than a year ago.
New York Warns of Supply Chain Attack Dangers in Recent SolarWinds Report
The next great financial crisis could come from a cyber attack.
At least, that’s according to New York State Department of Financial Services (DFS) Superintendent Linda Lacewell in a statement regarding DFS’ recent report outlining its investigation into the SolarWinds attack. The report summarizes the attack, the response by DFS-regulated companies and key measures to prevent future events of a similar nature.
“Seeing hackers get access to thousands of organizations in one stroke underscores that cyber attacks threaten not just individual companies but also the stability of the financial industry as a whole,” Lacewell said.
Date
27/04/2021
The New York State Department of Financial Services (“the Department” or “DFS”) today released a report on the Department’s investigation of the New York’s financial services industry’s response to the supply chain attack of the information technology (“IT”) company SolarWinds (“the SolarWinds Attack”). During the SolarWinds Attack, hackers corrupted routine software updates that were downloaded onto thousands of organizations’ information systems.
“This incident confirms that the next great financial crisis could come from a cyber attack,” said Superintendent of Financial Services Linda A. Lacewell. “Seeing hackers get access to thousands of organizations in one stroke underscores that cyber attacks threaten not just individual companies but also the stability of the financial industry as a whole.”
To print this article, all you need is to be registered or login on Mondaq.com.
On March 3, 2021, the New York Department of Financial Services
(DFS) announced that Residential Mortgage Services,
Inc. ( Residential Mortgage or the Company )
would pay a $1.5 million penalty for violations of the
Cybersecurity Regulation, 23 N.R.C.R.R. Part 500. Just six weeks
later, on April 14, 2021, DFS announced (https://www.dfs.ny.gov/reports and publications/press releases/pr202104141)
another settlement agreement with insurance brokerage firm National
Securities Corporation ( National Securities or the Firm ). These two enforcement actions under the
Cybersecurity Regulation coming in quick succession, and just