The cybersecurity threats posed to electronic data are ever growing. Cybercriminals can cause significant losses for regulated entities as well as consumers whose private information may be exposed. Insurance companies and other organizations regulated by the New York State Department of Financial Services (NYDFS) are subject to Cybersecurity regulations (23 NYCRR 500 Cybersecurity Requirements for Financial Services Companies) as of March 1, 2017. This regulation is the first of its kind.
On August 8, 2017, the NAIC Cybersecurity (EX) Working Group followed with the adoption of its Insurance Data Security Model Law. The model law’s purpose is to establish standards for data security and for the investigation of and notification to the Commissioner of a cybersecurity event. Companies compliant with the NYDFS cybersecurity regulation are considered in compliance with the NAIC Insurance Data Security Model Law.