
New York regulator rolls out cybersecurity proposals for insurance, banks

The biggest impact of the new regulations is likely to be on small banks and insurers, which may now need to bring their cyber programs up to at least a minimum standard. (Photo: Shutterstock)

(Bloomberg) -- New York state is proposing new rules requiring banks and insurance companies to establish cybersecurity programs and designate an internal cybersecurity officer, in what Gov. Andrew Cuomo described as a "first-in-the-nation" move to codify cyber safety policies.

The new regulations, proposed by New York’s Department of Financial Services, will apply only to banks and other financial services companies licensed by the Empire State and not to nationally chartered institutions. But as the first regulator to issue guidelines involving cybersecurity, the DFS could set an example for other regulators at the state and federal level. The proposed regulation is subject to a 45-day notice and public comment period before final adoption.

The proposed rules come after some of the world’s biggest banks — including JPMorgan Chase & Co. and HSBC Group — have reported significant cyber intrusions and U.S. corporations in general have been frequent targets of hacking.

Minimum standard


Large banks and insurance companies have built their own cybersecurity programs in recent years, often at a cost of hundreds of millions of dollars. The biggest impact of the new regulations is likely to be on small banks and insurers, which may now need to bring their cyber programs up to at least a minimum standard.

In announcing the proposals, Cuomo said the regulations would "guarantee the financial services industry upholds its obligation to protect consumers and ensure that its systems are sufficiently constructed to prevent cyber-attacks to the fullest extent possible."

DFS Superintendent Maria Vullo said: "Regulated entities will be held accountable and must annually certify compliance with this regulation by assessing their specific risk profiles and designing programs that vigorously address those risks."


Copyright 2017 Bloomberg. All rights reserved. This material may not be published, broadcast, rewritten, or redistributed.
