The New York State Department of Financial Services released its official second amendment to the cyber security regulation (23 NYCRR 500) on Nov. 1, 2023. The amendment makes multi-factor authentication mandatory for all covered entities, increases the thresholds for entities to qualify for the limited exemption, and creates a category for larger corporations, Class A entities. This regulation applies to both resident and non-resident licensees.
To help you understand all the changes and how they impact your agency, PIA has prepared a step-by-step guide to the amended regulation. The guide contains an analysis of every section of the regulation, what changes were made, and who the changes apply to.
PIA is here to help
If you have additional questions relating to these new amendments, please contact PIA’s Industry Resource Center at resourcecenter@pia.org. PIA also has partnered with TAG Solutions to help agencies with their agency-specific cyber security plans.
Shirley Albright, CPIA, CISR
Shirley Albright, CPIA, CISR, joined PIA in 1983 and has worked in many facets of the association over the years. In 1995, she was an integral part of establishing the Industry Resource Center to include the development of the software system to record and track all incoming and outgoing inquiries. She quickly moved from industry resource representative to assistant director and eventually to her current position as director. Currently, Shirley oversees the daily operations of the Industry Resource Center to include the triage of thousands of incoming member inquiries. Her other accomplishments include obtaining her New York state property/casualty broker’s license, CPIA and CISR designations.
