Insurance group: Revisions in New York's proposed cyber regulations 'a good step'
WASHINGTON Dec. 29, 2016 The American Insurance Association (AIA) is encouraged by the New York Department of Financial Services (DFS) revised cyber security regulation. Announced yesterday in the New York State Registrar, the new effective date of the regulation, following a 30-day public review period, will be March 1, 2017. While the regulation continues to be quite broad in scope, there have been some improvements in the revised regulation to provide financial institutions with greater flexibility in creating cybersecurity programs that best fits their risk profile.
In particular, AIA is pleased to see that DFS has addressed our concerns regarding some of the more restrictive and burdensome requirements of the regulation, including those relating to encryption and audit trails. Additionally, the extended transition period is a positive development as it will allow more time for companies to comply with certain requirements in the regulation.
A brief statement by Alison Cooper, Northeast region vice president for AIA, follows.
“AIA thanks the Department of Financial Services for working with the industry in addressing many of our concerns with the initial proposed cybersecurity regulation. As we continue to review the revised regulation, we’re encouraged by a number of changes and believe this is a good step in the right direction. The extended deadline and comment period will give insurers additional opportunities to provide feedback to the Department, allowing for greater coordination in achieving our ultimate shared goal: protecting customers’ information and corporate networks from cyberattacks. As such, the revisions and delayed implementation will allow insurers to better tailor and implement cybersecurity programs in a risk-based manner.”