FIRST AMERICAN was the first company fined by the Department of Financial Services of New York for non-compliance of their Cybersecurity NYCRR 500 law. If they can only had avoided it by a Third Party Assessment, read here:

New York Regulator Charges First American Unit Over 2019 Data Breach

On July 29th 2022, NYDFS released a set of Draft Amendments imposing updated rules to current policy and while the proposed changes are still being reviewed, it is important that insurance companies understand and prepare for these changes should they go into effect. This is what Insurance Companies need to know.

The new amendments now include a mandatory 24-hour notification for cyber-ransom payments, annual independent, third-party cybersecurity audits, and increased requirement for overseeing boards level of expertise on cybersecurity, among other new regulations.

Read here for more about the National Institute of Standards and Technology (NIST) Framework for Improving Critical Infrastructure Cybersecurity, the International Standards Organization (ISO) 27001 Information Security Management, and DFS’s Ransomware Guidance outlines.

The new minimum proposed standards will be more stringent than those found in the current regulations.

Covered entities, and Class “A” Companies (entities with over 2,000 employees or over $1 billion in gross annual revenues averaged over the last three years) must maintain a cybersecurity program based on the individual company’s risk assessment which has to perform key and core functionality such as, internal and exteral risk evaluations, defensive infrastructure, risk event detection, and risk response and reporting.

Under the new proposed amendments, companies must:

Insurance Companies must take steps to ensure that their cyber programs are compliant with not only the current regulations but also with proposed changes.

We at Motiva Networks can help prepare your company to be DFS Compliant. We are the only IT Firm that can assure compliance with both Insurance and State Department Cybersecurity Regulations. Our Compliance as a Service is a “Done For You” compliance assurance where we hit every bullet point the law requires, and we monitor your systems for cyberattacks 24/7/365.

Claim your FREE Cybersecurity Risk Assessment today.