Insights & Publications
Diversity & Inclusion
© 2022 Debevoise & Plimpton LLP
DFS Expands Its Cyber Focus to Insurers
30 March 2015
View Client Update
On Thursday, March 26, New York State’s Department of Financial Services (DFS) announced a major expansion of its cybersecurity efforts: DFS will require insurers to respond to a special “comprehensive risk assessment” on cybersecurity, with those assessments to be followed by an enhanced focus on cybersecurity as part of DFS’s regular examinations of insurers.
DFS has not promulgated specific cybersecurity standards, but it is strongly suggesting what it considers best practices by the questions it asks. We have previously called that “regulation by implication” – the questions themselves imply answers that the agency is likely to prefer.
Although the most recent DFS guidance specifically applies only to the insurers it regulates, companies in all industries may find the DFS “308 letter” a useful checklist for assessing their own cybersecurity posture.
Data Strategy & Security
White Collar & Regulatory Defense
David A. O'Neil
UK Modern Slavery Act Transparency Statement
Debevoise Login (2)
Debevoise Women's Review