The New York State Department of Financial Services released its official second amendment to the cyber security regulation (23 NYCRR 500) on Nov. 1, 2023. The amendment makes multi-factor authentication mandatory for all covered entities, increases the thresholds for entities to qualify for the limited exemption, and creates a category for larger corporations, Class A entities. This regulation applies to both resident and non-resident licensees.
To help you understand all the changes and how they impact your agency, PIA has prepared a step-by-step guide to the amended regulation. The guide contains an analysis of every section of the regulation, what changes were made, and who the changes apply to.
PIA is here to help
If you have additional questions relating to these new amendments, please contact PIA’s Industry Resource Center at resourcecenter@pia.org. PIA also has partnered with TAG Solutions to help agencies with their agency-specific cyber security plans.
Shirley Albright, CPIA, CISR
Shirley Albright, CPIA, CISR, has been a cornerstone of PIA since joining the association in 1983. Over the decades, she has contributed meaningfully across numerous departments, demonstrating unwavering dedication and leadership. In 1995, Shirley played a pivotal role in launching the Industry Resource Center, where she led the development of a comprehensive software system designed to log and manage all incoming and outgoing member inquiries—an innovation that transformed the center’s operational efficiency. As director of the Industry Resource Center, Shirley oversees the center’s daily operations, including the triage and resolution of thousands of member inquiries and multiple database updates, ensuring timely and accurate support across the organization. Her industry accomplishments include earning her New York state property/casualty broker’s license and has obtaining the CPIA and CISR professional designations, underscoring her deep expertise and commitment to excellence in the insurance industry.
