The New DFS Cyber-Security Regulation

This survey is designed to gauge your awareness of the new regulation and to understand your compliance needs, so that NAIFA-NYS can determine how best to serve you.  Please respond by Friday, June 9.

Question Title

* 1. Are you aware of the new DFS cyber-security regulation, which became effective on March 1, 2017, and that it applies to anyone with a license issued by DFS?

Question Title

* 2. If you are aware of the regulation, how did you learn of it?

Question Title

* 3. Did you know that compliance with the first several requirements of the regulation must be completed by August 28th of this year?

Question Title

* 4. Do you have a vendor you could use to assist with implementation of the regulations for such activities as cyber-risk assessment and/or reporting to DFS of cyber breaches or attempted breaches to your cyber-system?

Question Title

* 5. Has your electronic data system ever been breached?

Question Title

* 6. The regulation contains some limited exemptions for which you may qualify.  Please tell us if your business qualifies for one of the factors below (all responses will remain confidential).

  Yes No Not Sure
fewer than 10 employees
less than $5 million in gross revenue for each of the last 3 years
less than $10 million in year-end total assets according to GAAP
covered by cyber-security program of insurer you represent
covered by cyber-security program of an affiliate
do not operate, maintain, or utilize non-public info or maintain, use, or own non-public info

Question Title

* 7. Would you be interested in a NAIFA-NYS sponsored cyber-security vendor or product to assist your business with compliance with the regulation?

Question Title

* 8. Do you know whether the insurers with which you write life and/or retirement products will provide you a cyber-security program that will comply with the new regulation?

Question Title

* 9. Any Other Comments

T