NY DFS 23 NYCRR 500 is a critical cybersecurity regulation that requires all financial companies, such as independent insurance agencies, operating in or with clients in New York State to establish and maintain a comprehensive cybersecurity program to protect their sensitive data and systems from cyber threats.
The regulation requires companies to adhere to strict data protection standards, including the establishment of a cyber risk program, regular testing and monitoring of information systems, and reporting of any incidents or breaches.
Companies must also implement policies and procedures to protect their data, train their employees in cybersecurity best practices, and ensure that third-party vendors are also compliant with the regulation.
New Amendments and what they mean:
Under the enhanced regulations, a covered entity that fails to implement even one (1) part of the required compliance measures is not considered compliant and is therefore in violation of the law. This makes it exceptionally critical to maintain the cybersecurity regulation requirements once they are implemented.
What do you need to comply with?
NOTE: There is no “full exemption” from the law, only a limited exemption or no exemption at all.
“The exemptions are limited in scope and do not exempt you from every requirement of the Cybersecurity Regulation.” – DFS Website.
Limited Exempt Entities still must comply with:
All entities must file Certification of Compliance by April 15th, 2023.
In addition to NY DFS Regulations, agencies also should be aware of the new FTC Safeguards Rule and NAIC Model Laws that are also going into effect.
The Federal Trade Commission’s (FTC) Safeguards Rule, the New York State Department of Financial Services’ (DFS) 23 NYCRR 500 regulation, and the National Association of Insurance Commissioners’ (NAIC) model laws, all have similarities in their approach to cybersecurity for insurance agencies. These regulations require businesses to implement comprehensive cybersecurity programs to protect sensitive customer information from cyber threats.
It’s important to note that the Safeguards Rule aligns closely with existing regulations for financial companies, such as New York’s Department of Financial Services 23 NYCRR 500 law and the NAIC Model Laws currently implemented in 22 states, except that it applies at the federal level.
Read about the differences and compliance requirements for all here: The New FTC Safeguards Rule, NAIC Model Laws, NY DFS, and You | Motiva Networks Blog.
Ignorance is no excuse when it comes to cybersecurity and complying with NY DFS 23 NYCRR 500.
We at Motiva Networks can help prepare your company to be DFS Compliant. We are the only IT Firm that can assure compliance with both Insurance and State Department Cybersecurity Regulations.
Our Compliance as a Service is a “Done for You” compliance assurance where we hit every bullet point the law requires, and we monitor your systems for cyberattacks 24/7/365.
With over 25 years of experience, we at Motiva Networks can help you plan and see if your data has been compromised with a Free Confidential Cybersecurity Risk Assessment. Or you can schedule a quick 10-minute call to discuss the best options for your Agency or small business, or go over any questions you might have HERE.