BI’s Article search uses Boolean search capabilities. If you are not familiar with these principles, here are some quick tips.

To search specifically for more than one word, put the search term in quotation marks. For example, “workers compensation”. This will limit your search to that combination of words.

To search for a combination of terms, use quotations and the & symbol. For example, “hurricane” & “loss”.

Login Register Subscribe

New York eases proposed cyber rules after industry complaints

New York eases proposed cyber rules after industry complaints

(Reuters) — New York state’s financial regulator on Wednesday issued a revised proposal for the nation’s first cyber security rules for banks and insurers, loosening some security requirements and delaying implementation by two months to March 1.

The rules from the New York State Department of Financial Services are being closely because they lay out unprecedented requirements on steps that financial firms must take to protect their networks and customer data from hackers and disclose cyber events to state regulators.

“Many organizations are going to have a lot of work to do to come into compliance with these revised regulations,” said Jed Davis, a partner with law firm Day Pitney and former U.S. federal cyber crimes prosecutor.

The state revised the rules in response to more than 150 comments on its initial proposed regulations.

The New York Insurance Association in one letter called the regulation “too much of a ‘one size fits all’ rule” that was overly specific and too broad. A New York Bankers Association letter warned of unintended consequences that would “hamper efforts to protect the public and may defy its purpose of preventing cyber attacks.”

The revised regulations include easing some timelines and requirements, including standards for encrypting data and authenticating access to networks. They also provide more time for compliance, expanding the transition from six months to as long as two years.

The agency said it would finalize the rules after a 30-day comment period.

“This updated proposal allows an appropriate period of time for regulated entities to review the rule before it becomes final and make certain that their systems can effectively and efficiently meet the risks associated with cyber threats,” Financial Services Superintendent Maria Vullo said in a statement.

The American Bankers Association, a critic of the original draft, praised the revisions.

“Some good work has been done,” association Senior Vice President Doug Johnson said in a phone call. “Once we have in-depth conversations with our membership, there may still be some operational concerns we will want to express. 



Read Next

  • NAIC cyber security model law to be released in 2017

    MIAMI — The third and final draft of the National Association of Insurance Commissioners’ cyber security model law won’t be ready for consideration until 2017, according to South Carolina Insurance Director Ray Farmer, the vice chair of the NAIC’s cyber security task force.