The New York Department of Financial Services (NYDFS) announced last week a series of measures it plans to take "to help strengthen cyber hacking defenses at insurers." Those measures include, among other things: regular, targeted assessments of cyber security preparedness at insurance companies; putting forward enhanced regulations requiring institutions to meet heightened standards for cyber security; and considering the ways in which NYDFS can support and encourage the development of the cyber security insurance market. The NYDFS stated that it plans to initiate these measures in the coming weeks and months.… Continue Reading
Top-ranking U.S. officials continue to stress the importance of securing adequate protection in the event of cyberliability losses. Most recently, those efforts have been directed to financial institutions, an industry particularly susceptible to cyber attacks. On December 3, 2014, United States Deputy Secretary of the Treasury, Sarah Raskin, delivered a speech at the Texas Bankers' Association Executive Leadership Cybersecurity Conference wherein she provided banks with a simple checklist to consider before a cyber attack occurs. Notably, one item on the Deputy Secretary's checklist was cyberliability insurance - coverage at which the Deputy Secretary recommended all banks take a hard look.… Continue Reading
Since the President's February 2013 Executive Order directing the National Institute of Standards and Technology (NIST) to lead the development of a voluntary framework to address and reduce cyber risks, the agencies and stakeholders involved have been exploring whether to tie the February 2014 Framework for Improving Critical Infrastructure Cybersecurity (the NIST Framework) to incentives such as cyberliability insurance. For example, in a Report to the President on Cybersecurity Incentives, the Treasury Department suggested that "[c]yber insurance can promote adoption of stronger security measures" because, among other reasons, "insurers could require policyholders to comply with minimum security standards as a condition of insurance coverage, including adoption of the Framework."
The Treasury Department held a public meeting on November 6 that included a discussion of developments in the market for cyberliability insurance and the NIST Framework.… Continue Reading