NY State Says New Regulations Could Provide National Cyber Model for Insurance Companies

At the National Association of Insurance Commissioners (NAIC) meeting in Denver this weekend, Maria Vullo, superintendent of the NY State Department of Financial Services, said that other states should adopt NY’s cybersecurity regulations as an example of how insurance companies could protect their organizations from breaches.

“We believe the best way for industry to focus on the threat of cybersecurity is to have a consistent framework,” said Maria Vullo, from her session at NAIC. “The New York regulation is a road map with rules of the road.”

New York State regulations require banks and insurers to meet minimum cybersecurity standards and report breaches to regulators as part of an effort to battle cyber-related crime and protect consumers.

New York rules for banks and insurers also mandate risk assessments for third-party vendors that provide them goods and services. It’s no wonder on a recent Rsam poll that 83% said improving their Vendor Risk Program in 2017 is a top priority.

With Vullo’s recommendation is Denver this weekend, it will be interesting to see which states will follow suit.