On Friday, August 5, 2022, Eric Dinallo, Luke Dembosky, Avi Gesser, Erez Liebermann, and Charu Chandrasekhar participated in a webcast on the proposed draft amendments to the NYDFS cyber rules. The webinar examined the draft amendments and the implications they may have for insurance companies and other NYDFS-regulated entities. The discussion covered:
- New governance, technology, and notification-related obligations proposed under the Draft Amendments, including more onerous obligations for large covered entities such as annual independent cybersecurity audits and weekly vulnerability assessments, mandatory 24-hour notification for cyber ransom payments, increased expectations for board expertise, and additional restrictions on privileged accounts;
- Opportunities for participation during the comment period and likely pushback from covered entities; and
- Practical steps covered entities can take to mitigate regulatory and reputational risks.
To listen to an on-demand recording, click here.
To listen to other Data Strategy and Security webcasts, click here.
To read our recent Data Blog post on the NYDFS Proposed Rules, click here.
To sign up for the Data Blog, please click here.
Eric R. Dinallo is Chair of the Debevoise insurance regulatory practice and a member of its Financial Institutions and White Collar & Regulatory Defense Groups in New York. He can be reached at email@example.com.
Luke Dembosky is a Debevoise litigation partner based in the firm’s Washington, D.C. office. He is Co-Chair of the firm’s Data Strategy & Security practice and a member of the White Collar & Regulatory Defense Group. His practice focuses on cybersecurity incident preparation and response, internal investigations, civil litigation and regulatory defense, as well as national security issues. He can be reached at firstname.lastname@example.org.
Avi Gesser is Co-Chair of the Debevoise Data Strategy & Security Group. His practice focuses on advising major companies on a wide range of cybersecurity, privacy and artificial intelligence matters. He can be reached at email@example.com.
Erez is a litigation partner and a member of the Debevoise Data Strategy & Security Group. His practice focuses on advising major businesses on a wide range of complex, high-impact cyber-incident response matters and on data-related regulatory requirements. Erez can be reached at firstname.lastname@example.org
Charu A. Chandrasekhar is a litigation counsel based in the New York office and a member of the firm’s White Collar & Regulatory Defense Group. Her practice focuses on securities enforcement and government investigations, internal investigations and complex commercial litigation.