Those individuals who hold a New York state insurance license (covered entities), including nonresident licensees, have until Saturday, April 15, 2023, to certify their compliance with the requirements of New York state’s cyber security regulation (23 NYCRR 500) for...
Real-life data breaches, experienced by real-life PIA member agents
Small businesses—which can include PIA members—are tempting targets for cyber crooks. They are just as vulnerable to data breaches as big companies, but they have fewer defenses. Members who have walked clients through the cyber claim process or who have been hacked...
Hardbit ransomware attempts to acquire insurance information
Hardbit ransomware emerged in October of 2022 and by November, version 2.0 already had evolved. What’s important to know about Hardbit ransomware is that it attempts to broker ransom payments through its victim’s cyber insurance policies. What is the threat? According...
N.Y.: New cyber regulations on the horizon; certification of compliance due April 15
The New York State Department of Financial Services released the official proposed second amendment to the cyber security regulation (23 NYCRR 500) for public comment late last year. This follows an unofficial draft of the amendments that circulated this past August....
Be alert: Red flags in agency agreements
Raise your hand if you enjoy reading contracts. Why am I getting the sense that I am the only one with his hand up? OK, I get it. Contracts are boring. They are long and filled with terms that barely resemble English. While I can’t get you out of reading the terms of...
An explanation multi-factor authentication
Multi-factor authentication is a method of authenticating users on an information system and requires them to go through multiple steps to access that information system. Commonly, this is accomplished through a combination of a username and password, followed by a...
An overview: Amendments to N.Y.’s cyber security regulation (23 NYCRR 500)
The New York State Department of Financial Services released the official proposed second amendment to the cybersecurity regulation (23 NYCRR 500). This follows an unofficial draft of the amendments that circulated in August. The amendment would make multi-factor...
N.Y.: Section-by-section analysis, DFS proposed second amendment to 23 NYCRR 500
Originally published in 2017, 23 NYCRR 500 was a first-in-the-nation attempt at creating standards for the financial services industry in protecting nonpublic information. These amendments would be the first major changes to the regulation since its adoption. The...
Now is the winter of our discontent …
The opening line of William Shakespeare’s Richard III is an oft-quoted line—often used to express sadness. You know, how you feel when another agency agreement comes across your desk. I know that agency agreements are no one’s favorite thing. You would much rather...
N.Y.: DFS proposes updates to cyber security regulation
The New York Department of Financial Services celebrated the five-year anniversary of 23 NYCRR 500—commonly referred to as the DFS Cyber Security Regulation—with amendments to that regulation. The DFS has released a pre-proposal for comment. Here is what is in this...