New York State is implementing a new Cyber Security Regulation effective March 1st, 2017.
“New York is the financial capital of the world, and it is critical that we do everything in our power to protect consumers and our financial system from the ever-increasing threat of cyber-attacks,” Gov. Andrew Cuomo said February 16, 2017 in a statement.
Today’s marketplace continues to move toward the keystroke. It seems you can’t conduct a business transaction without a multitude of emails, electronically signed documents, or a cloud storing the most vital information. These amenities have streamlined the way we conduct business, but have they left our information exposed? New York State seems to think so, and has therefore passed what appears to be the “first-in-nation” cyber security regulation.
Governor Cuomo continued in the statement above: “These strong, first-in-the-nation protections will help ensure this industry has the necessary safeguards in place in order to protect themselves and the New Yorkers they serve from the serious economic harm caused by these devastating cyber crimes.”
The finalized cyber security regulation, which takes effect March 1, 2017, sets mandated standards for financial institutions (including treasurers and insurers) in the ongoing battle against the risk of cyber-attacks.
The regulation requires “regulated companies” to implement a cyber security plan, including requirements for a program that is adequately funded, staffed, overseen by qualified management, and reported periodically to the most senior governing body of the organization. Additionally, the new regulation calls on banks to scrutinize security at third-party vendors that provide them services. In 2015, the New York Department of Financial Services found that a third of 40 banks polled did not require outside vendors to notify them of breaches that could compromise data.
“Throughout the regulatory review period, we emphasized how critical it is for insurers to have the ability to tailor and implement their cyber-security programs in a risk-based manner,” Alison Cooper, Albany, New York-based Northeast region vice president for the American Insurance Association, said in a statement. “While some challenges remain, overall the final cyber security regulation provides greater flexibility so insurers are able to better adapt to an evolving threat landscape.”
“With this landmark regulation, (the department) is ensuring that New York consumers can trust that their financial institutions have protocols in place to protect the security and privacy of their sensitive personal information,” Department of Financial Services Superintendent Maria Vullo said in a statement. “As our global financial network becomes even more interconnected and entities around the world increasingly suffer information breaches, New York is leading the charge to combat the ever-increasing risk of cyber attacks.”
At this point you’re probably thinking to yourself “We’re not a bank, and we’re not a large corporation. So how does this affect my business?”
Directly, it doesn’t, YET! However, this new regulation should be viewed as a notice to all businesses, regardless of industry: cyber-attacks are an ever-increasing risk, and a potentially devastating exposure if left unacknowledged. It seems as though we’re constantly reading about large corporations being hacked, leaving the small and mid-sized business owner to think, “This can’t happen to us. Why would we be attacked?” The truth is, it can and it does happen to small and mid-sized businesses. Unfortunately, for a small or mid-sized business, unlike the Home Depots and Targets of the world, one cyber-attack could be enough to force it to close its doors.
Now is the time to evaluate your risk. Do you have a contingency plan in place if an employee accidentally opens a link from a person they thought they knew, only to find out it’s ransomware? Is there an action plan in place in the event hackers use your company email to send out spam or a virus to your contacts? Do employees know the steps to take if somehow all of your clients’ or employees’ data are stolen? Worse, if one of these events occurred, what would be the cost implications to your business? If you would like to take a deeper dive into this issue, contact a Risk Advisor today. They can help you take steps to protect your business that cost nothing. Further, you can transfer the cost implications of many of these challenges to an insurance carrier through the purchase of a cyber liability policy. The world has become much more complicated, and it continues to do so with the passing of each month. We are here to help.