New York remains extremely active in the cybersecurity and data protection arena. As we have recently discussed, New York is considering a proposed privacy bill that would greatly enhance consumer privacy rights, increase business obligations, and create new litigation/enforcement exposure. Meanwhile, the New York Department of Financial Services (NYDFS) has recently filed its first Cybersecurity Regulation enforcement action (analyzed here), required regulated entities to formally notify the NYDFS if they were directly impacted by the SolarWinds incident (discussed here), and has now issued the nation’s first Cyber Insurance Risk Framework (Framework).
The Framework applies directly to all property/casualty insurers registered with the NYDFS, but will have wide-reaching effects on all businesses as they evaluate and purchase cyber insurance.
The stated goals of the Framework are to facilitate the continued growth of a sustainable and sound cyber insurance market by outlining best practices for managing cyber insurance risks. Not only are insurers writing cyber insurance obligated to follow the Framework’s guidance, but all insurers need to evaluate their “silent risk”…
