To embed, copy and paste the code into your website or blog: On April 14, 2021, the New York Department of Financial Services (“DFS”) announced a cybersecurity settlement with insurance company National Securities Corporation, which suffered four separate breaches, two of which went unreported in violation of 23 NYCRR § 500.17(a). The settlement not only includes a monetary penalty but also mandates increased training and implementation of security tools, and underscores the urgency of addressing cybersecurity threats and DFS’s increasing enforcement activity for non-compliance with its cyber regulations. The settlement, one of a few just beginning to be released after the 2017 implementation of the Cybersecurity Regulation, 23 NYRR § 500, provides insurers and other companies a window into how DFS interprets and enforces this regulation.