The deadline for insurance companies and other regulated entities and licensed persons covered by the cybersecurity regulation issued by the New York Department of Financial Services ("DFS") to file the first certificate of compliance is approaching; the deadline is February 15, 2018.

In addition, the DFS said in a statement that it now will be incorporating cybersecurity in all examinations, including adding questions related to cybersecurity to "first day letters," which are notices the DFS issues to commence its examinations of insurance companies and other financial services companies for safety and soundness and market conduct.

"The DFS compliance certification is a critical governance pillar for the cybersecurity program of all DFS regulated entities," said the DFS superintendent, Maria T. Vullo. "DFS's regulation requires each entity to have an annual review and assessment of the program's achievements, deficiencies, and overall compliance with regulatory standards and the DFS cybersecurity portal will allow the safe and secure reporting of these certifications. DFS's goal is to prevent cybersecurity attacks, and we therefore will now include cybersecurity in all DFS examinations to ensure that proper cybersecurity governance is being practiced by our regulated entities. As DFS continues to implement its landmark cybersecurity regulation, we will take proactive steps to protect our financial services industry from cyber criminals."