New York Division of Financial Services Announces Targeted Cyber Security Assessments of Insurance Companies

Insurance Law Alert

February 17, 2015

Cynthia J. Borrelli

Cynthia J. Borrelli


Related Services
Insurance

Superintendant of Financial Services, Benjamin Lawsky, announced on February 8, 2015, that the New York Department of Financial Services (DFS) had released a report on cyber security in the insurance industry as well as a series of initiatives DFS will take to facilitate protection against cyber hacking at insurers.

Preventative measures include:

  • regular, targeted assessments of cyber security preparedness at insurance companies as part of DFS’s examination process;
  • enhanced regulations requiring institutions to provide tighter standards for cyber security; and
  • examination of stronger measures by insurers related to the representations and warranties received from third party vendors, as well as other initiatives.

DFS’s report and initiatives come on the heels of recent cyber security breaches and its survey with respect to cyber security at a significant cross-section of New York regulated entities.

Surprisingly, the survey revealed that it was not the largest and most financially sophisticated companies which had the most robust cyber defense mechanisms in place.

Lawsky’s efforts to strengthen cyber security in the industry follow his December 2014 guidance to all New York regulated banks outlining the specific issues and factors on which those institutions will be examined as part of a new, targeted DFS cyber security preparedness assessment.

Finally, DFS has issued a consumer alert for Anthem (owner of Empire Blue Cross Blue Shield) as a result of the recent data breach at that company.

For more information, please contact Cynthia J. Borrelli.