On Friday, July 7th, 2023, Eric Dinallo, Avi Gesser, Erez Liebermann, Marshal Bozzo, and Stephanie Thomas hosted a webcast that examined the Revised Proposed 2nd Amendment to the Part 500 Cybersecurity Rules released by the New York Department of Financial Services and discussed what changes were made, what still needs fixing, and the implications that the new draft may have for insurance companies and other NYDFS-regulated entities.

Important issues covered include changes to:

  • The cybersecurity expertise requirements for boards;
  • The definition of Class A companies and what is required of them;
  • The multi-factor authentication obligations;
  • The business continuity and disaster recovery requirements;
  • The audit and risk assessment procedures; and
  • The annual certification obligations and what constitutes a violation of Part 500.

To access an on-demand recording of this webcast, please click here.

If you missed the last briefing, please click here to access the on-demand recording.

The cover art used in this blog post was generated by DALL-E.

Author

Eric R. Dinallo is Chair of the Debevoise insurance regulatory practice and a member of its Financial Institutions and White Collar & Regulatory Defense Groups in New York. He can be reached at edinallo@debevoise.com.

Author

Avi Gesser is Co-Chair of the Debevoise Data Strategy & Security Group. His practice focuses on advising major companies on a wide range of cybersecurity, privacy and artificial intelligence matters. He can be reached at agesser@debevoise.com.

Author

Erez is a litigation partner and a member of the Debevoise Data Strategy & Security Group. His practice focuses on advising major businesses on a wide range of complex, high-impact cyber-incident response matters and on data-related regulatory requirements. Erez can be reached at eliebermann@debevoise.com

Author

Marshal Bozzo is a regulatory counsel based in the New York office and a member of the Debevoise Insurance Regulatory practice. He can be reached at mlbozzo@debevoise.com.

Author

Stephanie D. Thomas is an associate in the Litigation Department and a member of the firm’s Data Strategy & Security Group and the White Collar & Regulatory Defense Group. She can be reached at sdthomas@debevoise.com.