To embed, copy and paste the code into your website or blog:
In a recent letter to insurers, the New York State Department of Financial Services (“NYDFS”) acknowledged the key role cyber insurance plays in managing and reducing cyber risk – while also warning insurers that they could be writing policies that have the “perverse effect of increasing cyber risk.” If a cyber insurance policy does not incentivize the insured to maintain a robust cyber security program, the insurer can end up bearing excessive risk when the customer leans on the policy as their business continuity plan.
You may be wondering “What does this have to do with my business? I don’t do any business in NY state.” However, your insurer might be subject to the NYDFS cybersecurity regulation (23 NYCRR 500) and, if so, likely received this letter.
DFS Provides Framework For Cybersecurity Risk | Rivkin Radler LLP jdsupra.com - get the latest breaking news, showbiz & celebrity photos, sport news & rumours, viral videos and top stories from jdsupra.com Daily Mail and Mail on Sunday newspapers.
On February 4, the New York Department of Financial Services (DFS) released the Cyber Insurance Risk Framework (Framework), which is considered the first guidance by a U.S. regulator on.
Obtain Cybersecurity Expertise; and
Require Notice to Law Enforcement.
Each of these elements is important, but we call particular attention to elements 3, 4, and 7.
Regarding #3, DFS notes that evaluating systemic risk is an urgent issue in today’s marketplace, where businesses increasingly rely on a handful of providers for authentication, cloud services, and other important functions. The Framework document references the recent SolarWinds attack as an example of a vendor supply chain issue having a widespread impact. It also expresses concern about the possibility of an incident at a major cloud provider. While cyber insurers are unlikely to view the Framework as requiring that businesses adopt specific technologies to mitigate systemic risk, it will likely result in cyber insurers increasing their oversight and potentially focusing on new issues such as vendor diversification, to limit outsized impacts that might result from an incident at a larger vendor.
In what the New York Department of Financial Services (NYDFS) is touting as the first guidance by a U.S. regulator on cyber insurance, NYDFS announced on February 4, 2021, in Insurance.