June 2017 - New York State has taken the lead in implementing aggressive cybersecurity regulations, and other states seem likely to follow their lead.

Under these new regulations, insurers will be required to have a formal CISO, face heavy new burdens of documenting policies and performing assessments, and be required to destroy Non-Public Personal Information and implement encryption-at-rest, among other things.

This brief is designed to familiarize insurers with some of the key issues and challenges that these new regulations present, and provides some concluding thoughts on how best to prepare for their impact.