Do Your Cyber and D&O Policies Cover Emerging Exposures Arising Out Of The New NYDFS Cybersecurity Regulations?

King & Spalding

March 1, 2018 will mark one year since the effective date of the New York Department of Financial Services’ (“NYDFS”) cybersecurity regulations, which may signal a trend towards stricter industry-specific regulatory oversight of companies’ cybersecurity practices. The new regulations—which broadly apply to entities subject to New York banking, insurance and financial services laws (“Covered Entities”)—impose certain minimum requirements for cybersecurity practices, including, among other things: (i) maintenance of a comprehensive cybersecurity program and corresponding written policies and procedures, including a detailed incident response plan; (ii) designation of a senior officer to implement and oversee the entity’s cybersecurity program and policies; (iii) periodic risk assessments and penetration testing; (iv) requirements to notify the NYDFS promptly after discovering a security incident; and (v) annual certification by the board of directors or a senior officer of compliance with the regulations.

Importantly, while the NYDFS regulations provide several transition periods for compliance, Covered Entities must submit their first annual certification of compliance by February 15, 2018, and must complete implementation of other required practices, such as a cyber risk assessment and use of multi-factor authentication, by March 1, 2018. In light of the looming compliance deadlines, companies should assess their directors and officers (“D&O”) policies and cyber / data privacy insurance policies now to ensure they provide adequate protection in the event a data breach triggers an expensive NYDFS regulatory investigation or enforcement proceeding.

Please see full Alert below for more information.

LOADING PDF: If there are any problems, click here to download the file.

Written by:

King & Spalding

King & Spalding on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide

This website uses cookies to improve user experience, track anonymous site usage, store authorization tokens and permit sharing on social media networks. By continuing to browse this website you accept the use of cookies. Click here to read more about how we use cookies.