NYDFS Issues Cyber Insurance Risk Guidance
The New York Department of Financial Services ("NYDFS") issued guidance on cyber insurance risk for property/casualty insurers writing cyber insurance. The NYDFS advised insurance companies to establish a formal cyber insurance risk strategy proportionate to the insurer's risk, taking account of the insurer's size, resources, geographic distribution and market share and the industries insured.
In its framework, the NYDFS outlined the following best practices:
- minimize exposure to "silent" cyber insurance risk (i.e., loss from a cyber incident that an insurer must cover even though the policy does not explicitly mention cyber incidents);
- evaluate systemic risk, as catastrophic cyber events (e.g., the SolarWinds Trojan horse) have grown due to reliance on third-party vendors;
- "rigorously" assess the gaps in the cybersecurity of each potential insured;
- educate insureds and insurance producers on the value of cybersecurity measures;
- hire employees with cybersecurity experience; and
- require that insureds notify law enforcement if they are victims of a cyber incident.