Login

Help

BI’s Article search uses Boolean search capabilities. If you are not familiar with these principles, here are some quick tips.

To search specifically for more than one word, put the search term in quotation marks. For example, “workers compensation”. This will limit your search to that combination of words.

To search for a combination of terms, use quotations and the & symbol. For example, “hurricane” & “loss”.

Login Register Subscribe

Clock starts on cyber compliance

Reprints
Cyber Risks Regulation More + Less -

Financial institutions governed by New York’s new cyber security regulation will have numerous and perhaps confusing implementation deadlines, but many firms have already started down the compliance path.

“The companies knew ever since this was proposed that this was going to happen,” said Angela Gleason, senior counsel for the American Insurance Association in Washington.

In response to concerns about implementation time frames, the New York State Department of Financial Services added several transitional periods to its regulation.

But Ms. Gleason said there may still be some confusion on these transition periods. For example, companies are required to complete their risk assessments by March 1, 2018, but some elements of the cyber security program that would be driven by the risk assessments must be in place within 180 days.

“In a way, it essentially forces you to move up your risk assessment, but there is still some room for a longer transition period, which helps companies,” she said.

The department also reduced the retention provisions related to audit trails — designed to reconstruct material financial transactions sufficient to support normal operations and obligations, and detect and respond to cyber security events — to five years, or three years for certain records, from six years.

Concerns about the compliance time frames in the original proposal have been alleviated to some extent by the department’s adoption of the risk-based approach, said Kristina Baldwin, Albany, New York-based vice president of state government relations for the Property Casualty Insurers Association of America.

“But these are very comprehensive requirements, and in some cases the time frames for compliance are as short as 180 days,” she said. “There are concerns it may be difficult for companies to meet these deadlines.”

 

 

 

Read Next

  • Final cyber rule eases insurer concerns

    New York’s final cyber security rule for insurers and other financial institutions is much less prescriptive than the original proposal, but it is still raising compliance concerns.

Related Stories

Most Read in Risk Management

Sign up for Daily Briefing, the free email newsletter from Business Insurance.

About

Advertise

Reprints and Licensing

Resources

. Privacy PolicyTerms of Use

COPYRIGHT © 2024 BUSINESS INSURANCE HOLDINGS

Member, Beacon International Group, Ltd.