New York Governor Andrew Cuomo announced a proposal requiring financial services companies, including insurance brokers, insurance companies, banks and other financial services institutions, to follow specific cybersecurity protocols intended to protect consumers and ensure a sound financial services industry in the state of New York. This “first-in-the-nation” regulation will be open for public comment for 45 days before its final issuance. “New York, the financial capital of the world, is leading the nation in taking decisive action to protect consumers and our financial system from serious economic harm that is often perpetrated by state-sponsored organizations, global terrorist networks, and other criminal enterprises,” said Governor Cuomo.
Specifically, the proposed cybersecurity regulation will require all financial services institutions regulated by the State Department to “establish a cybersecurity program; adopt a written cybersecurity policy; designate a Chief Information Security Officer responsible for implementing, overseeing and enforcing its new program and policy […] designed to ensure the security of information systems and nonpublic information.” The rule is not intended to limit industry innovation, but encourages firms to stay ahead of cybercriminals and “keep pace with technological advances,” according to the press release. The full proposal can be found here. It is not clear how – or if – this will impact the NAIC’s efforts to push adoption of an insurance-specific model cyber security law in the states.