The Next Wave of Cyber Regulation

February 2017

The New York Department of Financial Services’ (NYDFS) cybersecurity rules, the European Union The Next Wave of Cyber Regulation PaperGlobal Data Protection Regulation (GDPR), and the E.U.-U.S. Privacy Shield are some of the recently introduced or updated pieces of cyber regulation featured in a paper released by Advisen. Sponsored by CyberScout, the 7-page paper examines commonalities in these regulations, discusses steps toward compliance, and provides guidance for remaining compliant and competitive worldwide.

Complying with cyber regulations

The New York Department of Financial Services (NYDFS) requires DFS-regulated entities to adhere to stringent cybersecurity requirements. The European Union Global Data Protection Regulation (GDPR) strengthens data protection for individuals in the European Union. These two are examples of cybersecurity regulations that are constantly being updated in substance and scope.

Many of the previous regulations were seen by experts as taking a cart-before-the-horse approach, with the regulations kicking in after a data breach and then prescribing notification requirements. To do away with this approach, regulators have been working to propose a more preventive stance to cybersecurity. For instance, the NYDFS, set to go into effect on March 1, 2017 is seen to better protect consumers and their sensitive data.

The key to both the New York cyber regulations and GDPR will be the continuing cooperation between regulators and businesses.  Insurers, brokers and agents have a unique perspective on these regulations. They must both comply with them and advise clients on, how to remain compliant.

As the cyber insurance market has developed, policies have come to include cyber consulting services to improve clients’ security stance. This connection to trusted relationships with digital forensic firms, attorneys and breach response experts will ensure businesses can quickly respond to and recover from security breaches with the assistance of their cyber insurers.