New York’s cybersecurity regulation went into effect in 2017 (see prior post), and the New York Department of Financial Services (“DFS”) has begun to take action for inaction. This has the potential to impact insurance agents/brokers and their agencies. In addition to a wide range of licensed financial entities, the regulation applies to all New York licensed insurance agencies and agents, both resident and non-resident.
An action was filed against First American Title Insurance in 2020 for exposing consumers personal information and failing to promptly correct vulnerabilities (here). A second action resulted in a settlement with Residential Mortgage Services Inc. in March of 2021 (here & here). An employee was the victim of a phishing attack in which the employee’s email user credentials were compromised. The enforcement action was the result of a failure to report the breach, among other failures.
The cybersecurity regulation contains various requirements that apply to companies regulated by DFS, such as banks and insurance companies [and New York licensed insurance agents and agencies]. Among other things, the regulation requires companies to adopt a cybersecurity program to protect consumers’ private information and to conduct periodic risk assessments of their information systems. In addition, the regulation requires companies to provide notice to DFS within 72 hours of certain cybersecurity incidents.
The regulation applies to any insurance agency and individual licensed in New York, even non-residents. So if an agency is not licensed in New York, but an individual is, the individual still must be compliant. And all NY licensees must comply; no one is exempt. There is an exemption provision, but it is not an exemption from the regulation. The exemption provision exempts certain smaller licensees from a few of the requirements (prior post).
A few resources for Insurance Agents/Brokers are listed below:
Note – some of these references were written when the regulation was first implemented.
Specialty Insurance Blog – News & Commentary on Specialty Insurance – with an Emphasis on Professional Liability Insurance
Also, see the related Innovate Insurance Blog – Innovation & Entrepreneurship in Insurance