New York Cyber Regulations Likely to Result in Increased Claims
Thursday, April 13, 2017
Cybersecurity, New York Cyber Regulations Likely to Result in Increased Claims
Print Mail Download i

The New York State Department of Financial Services (NYDFS) recently promulgated cyber regulations for financial institutions that are likely to increase the risks to directors & officers (D&Os), resulting in an increase in claims.

The NYDFS regulations create new obligations for financial institutions, including adopting written policies and procedures, designating a chief information security officer (CISO) and conducting routine risk assessments of security. D&Os will be responsible for overseeing compliance with these rules. Failure to comply could result in fines and penalties, as well as litigation.

It is imperative that D&Os take reasonable steps to ensure that their financial institutions are in compliance with the NYDFS regulations, including active assessment of security policies and procedures. Exercises such as tabletops should be conducted to identify vulnerabilities so that corrective actions may be taken to secure data.

Plaintiffs’ law firms have aggressively pursued businesses by filing class action lawsuits arising out of data breaches. To date, plaintiffs have not obtained widespread support for such claims. However, the new NYDFS regulations may provide a potentially viable foundation for plaintiffs to have standing against D&Os for failing to have their financial institution in compliance.

Insurers should be aware of the additional risk to D&Os created by the NYDFS regulations and the impact they could have on losses. In an effort to mitigate the risk, insurers should update D&O applications to confirm that the financial institutions and other industries they are underwriting are in compliance with the regulations so that the risk may be rated accordingly.

Further, it is generally thought that regulations such as those instituted by the NYDFS may be the first of many steps taken by states to ensure that data is properly managed and secured by financial institutions. Unlike New York, other states may enforce more stringent regulations that impose stricter requirements on financial institutions, further increasing the possibility of a violation and litigation. Financial institutions and insurers should continue to keep abreast of such regulations to ensure that the appropriate measures have been implemented to mitigate such exposures.

© 2024 Wilson Elser

Current Legal Analysis

More from Wilson Elser Moskowitz Edelman & Dicker LLP

Is This the End of Noncompete Agreements in the United States?
by: Peter A. Lauricella , Kadeem Wolliaston
“More Likely Than Not”: New Amendments to FRE 702 Demand More Exacting Standard for Admitting Expert Testimony
by: Thomas M. DeMicco
Luxury Brands Assert Intellectual Property Rights Against Resellers
by: Stephen J. Barrett
Employment Tip of the Month – April 2024
by: Joshua Bachrach
Fourth Circuit Reverses $1 Billion Award for Vicarious Liability Claim for More than 10,000 Works
by: Leia Leitner
Nevada Rejects Patient’s Effort to Create New PSQIA Privilege Waiver
by: James V. Lovett
Nevada Supreme Court Reverses $48 Million Verdict, Concludes Hospitals Do Not Owe Fiduciary Duty to Patients in the Provision of Medical Services
by: James V. Lovett
Disclosure upon the Death of a Client under Virginia Supreme Court Legal Ethics Opinion 1900
by: Matthew W. Lee
Accountants’ Role in the Beneficial Ownership Reporting Requirement Under the Corporate Transparency Act
by: Cynthia S. Butera , Kevin Shaftan
Relationships Are “Special” – But Insurance Brokers Ought to Be Wary
by: Christopher Martin , Benjamin Mehic

Upcoming Legal Education Events

 

NLR Logo

We collaborate with the world's leading lawyers to deliver news tailored for you. Sign Up to receive our free e-Newsbulletins

 

Sign Up for e-NewsBulletins