On Friday, August 5, 2022, Eric Dinallo, Luke Dembosky, Avi Gesser, Erez Liebermann, and Charu Chandrasekhar participated in a webcast on the proposed draft amendments to the NYDFS cyber rules. The webinar examined the draft amendments and the implications they may have for insurance companies and other NYDFS-regulated entities. The discussion covered:

  • New governance, technology, and notification-related obligations proposed under the Draft Amendments, including more onerous obligations for large covered entities such as annual independent cybersecurity audits and weekly vulnerability assessments, mandatory 24-hour notification for cyber ransom payments, increased expectations for board expertise, and additional restrictions on privileged accounts;
  • Opportunities for participation during the comment period and likely pushback from covered entities; and
  • Practical steps covered entities can take to mitigate regulatory and reputational risks.

To listen to an on-demand recording, click here

To listen to other Data Strategy and Security webcasts, click here

To read our recent Data Blog post on the NYDFS Proposed Rules, click here.

To sign up for the Data Blog, please click here.

Author

Eric R. Dinallo is Chair of the Debevoise insurance regulatory practice and a member of its Financial Institutions and White Collar & Regulatory Defense Groups in New York. He can be reached at edinallo@debevoise.com.

Author

Luke Dembosky is a Debevoise litigation partner based in the firm’s Washington, D.C. office. He is Co-Chair of the firm’s Data Strategy & Security practice and a member of the White Collar & Regulatory Defense Group. His practice focuses on cybersecurity incident preparation and response, internal investigations, civil litigation and regulatory defense, as well as national security issues. He can be reached at ldembosky@debevoise.com.

Author

Avi Gesser is Co-Chair of the Debevoise Data Strategy & Security Group. His practice focuses on advising major companies on a wide range of cybersecurity, privacy and artificial intelligence matters. He can be reached at agesser@debevoise.com.

Author

Erez is a litigation partner and a member of the Debevoise Data Strategy & Security Group. His practice focuses on advising major businesses on a wide range of complex, high-impact cyber-incident response matters and on data-related regulatory requirements. Erez can be reached at eliebermann@debevoise.com

Author

Charu A. Chandrasekhar is a litigation partner based in the New York office and a member of the firm’s White Collar & Regulatory Defense and Data Strategy & Security Groups. Her practice focuses on securities enforcement and government investigations defense and cybersecurity regulatory counseling and defense.