New York's insurance regulator says his department has sentletters to 31 of the state's largest insurance companies askingwhat steps they are taking to keep data safe from cyberthreats as part of the governor's effort to protect criticalinfrastructure and information systems.

"The extraordinarily sensitive health, personal, and financialinformation that New Yorkers entrust to their insurance companiesis a virtual treasure trove for hackers," says Gov. Andrew M.Cuomo, in a statement. "We're intensely focused on making sure thatbanks have the protections in place they need, but we always haveto keep at least one eye on the lookout for the next big threat.It's vital that we stay ahead of the curve on cyber securitybecause we know hackers aren't going to give us any breathingroom."

The New York Department of Financial Services, which regulatesboth the state's banks and insurers, sent carriers a "308 letter,"which legally requires them to respond to the request.

The department wants information on the "policies and proceduresthey have in place to protect against cyber-attacks." Specifically,the state wants data on any cyber-attack the company hasexperienced the past three years; what safeguards they have inplace; their information technology management policies; resourcesand spending dedicated to cyber security, and risk managementcontrols the carrier has instituted.

Of the 31 companies 11 are P&C companies:

• American International Group
• Allstate
• Berkshire Hathaway (GEICO)
• Chubb
• The Hartford
• Liberty Mutual
• Nationwide
• Progressive
• State Farm
• Tower Group
• Travelers

The request is part of Cuomo's initiative to create the CyberSecurity Advisory Board, co-chaired by Superintendent of FinancialServices Benjamin M. Lawsky, to advise on developments in cybersecurity and make recommendations to protect informationsystems.

Lawsky says cyber security is an issue overlooked at insurancecompanies, but protecting the sensitive customer data they handleis "too important to get caught in a blind spot." A similar requestfor information was sent to the largest banks earlier thisyear.

"We need to make sure that those insurance records are protectedfrom hack attacks that could put New Yorkers at risk," he adds, ina statement.

New York Insurance Association President Ellen Melchionni saysinsurers "take their duty to protect their customers veryseriously—which includes the security of policyholderinformation."

She says her association will work collaboratively withregulators. Both parties share the same goal—to protect consumers,Melchionni adds.