The Excess Line Association of New York published a bulletin informing brokers of the new cybersecurity regulations that will go into effect starting May 1, 2025.
Brokers that filed a limited exemption need only to comply with the Section 500.7 requirements. Section 500.7 states that a cybersecurity system should include the following:
- Limit the number of privileged accounts that have access to nonpublic information and periodically review access privilege
- Disable or securely configure protocols that permit remote access of devices
- Terminate access after departures
- Implement a written password policy that is up to industry standards
Brokers that have not filed a limited or full exemption are subject to the same requirements above and must also comply with Sections 500.5(a)(2) and 500.14(a)(2). Section 500.5(a)(2) requires that covered entities perform an automated scan of information systems in search of vulnerabilities after any material system change. Section 500.14(a)(2) requires that covered entities implement controls designed to protect against malicious code.
This premium content is locked for FC&S Coverage Interpretation Subscribers
Enjoy unlimited access to the trusted solution for successful interpretation and analyses of complex insurance policies.
- Quality content from industry experts with over 60 years insurance experience, combined
- Customizable alerts of changes in relevant policies and trends
- Search and navigate Q&As to find answers to your specific questions
- Filter by article, discussion, analysis and more to find the exact information you’re looking for
- Continually updated to bring you the latest reports, trending topics, and coverage analysis
Already have an account? Sign In Now
For enterprise-wide or corporate access, please contact our Sales Department at 1-800-543-0874 or email [email protected]