New York Addresses Cyber Security Concerns with Insurers

Posted by

Governor Andrew M. Cuomo launched an inquiry into the steps that insurers are taking to keep their customers and companies safe from cyber attacks citing the public entrustment of a wide variety of sensitive health, personal, and financial records to insurers and the critical importance of making sure that information is safeguarded.

The New York State Department of Financial Services (DFS) sent “308 Letters” requiring a response to the largest insurance companies that DFS regulates, requesting information on the policies and procedures they have in place to protect against cyber attacks.

The letters request a wide variety of information as part of the extensive inquiry, including:

  • Information on any cyber attacks the company has been subject to in the past three years
  • The cyber security safeguards the company has put in place
  • The company’s information technology management policies
  • The amount of funds and other resources dedicated to cyber security at their company
  • The company’s governance and internal control policies related to cyber security

The inquiry comes just after the recent formation of Governor Cuomo’s Cyber Security Advisory Board, which is charged with advising the administration on developments in cyber security and making recommendations for protecting the state’s critical infrastructure and information systems.

New York’s focus on cyber security comes just months after a breach at Nationwide Mutual Insurance Co. exposed consumers’ names, Social Security numbers, driver’s license numbers, birth dates, marital statutes, genders, occupations and their employers’ names and addresses, according to the complaint in that matter. In that instance,California’s insurance regulator scrutinized cyber security measures at Nationwide and its affiliates to ensure the company was doing all it could to protect consumers against data breaches.