NYDFS: Cyber Insurers Should Not Pay Ransom and Should Adopt “Best Practices”



On February 4, 2021, the New York Department of Financial Services (NYDFS) issued Circular Letter No. 2, “Cyber Insurance Risk Framework,” to all property-casualty insurers authorized to transact insurance in New York. Concerned with escalating cyber insurance claims, the NYDFS has identified seven “Best Practices” that insurers should adopt in order to better manage cybersecurity risk. These “best practices” are outlined in its Circular Letter as a “Cyber Insurance Risk Framework” (Framework).

The Circular Letter includes a somewhat controversial recommendation against insurers covering ransom payments. It also recommends that an insurer’s senior management and directors be formally involved in managing cyber risk. Although the recommendations in the Circular Letter and Framework do not currently have the “force of law,” insurance industry participants should understand how their interests could be affected by adoption of the Framework.


The Framework is the result of an intensive, year-long effort by the NYDFS to better understand cyber risk and its financial effect on insurers, including those issuing cyber insurance coverage. The…
