WIN Magazine - Fall 2017 - 28

Additionally, the model law provides
that the licensee's information-security
program must include the oversight of
third-party service providers. However,
unlike the NYDFS cyber regulations, the
model law does not expressly require
a licensee to develop policies and procedures for conducting due diligence
and oversight over third-party service
providers. Instead, licensees only must
exercise due diligence in selecting thirdparty service providers and require such
providers to implement administrative, technical and physical measures
to protect and secure the licensee's NPI
to which it has accesses or possession.

INVESTIGATION AND
NOTIFICATION OF A
CYBERSECURITY EVENT
The model law requires licensees to
promptly investigate cybersecurity
events. The model law is similar to
the NYDFS cyber regulations in that it
requires a licensee to notify the state
insurance commissioner no later than
72 hours from a determination that a

2 8897667_Abercrombie.indd
| F A L L 2 017 | W1I N M A G A Z I N E

cybersecurity event occurred. However,
there are material differences between
the NYDFS cyber regulations and the
model law for notice requirements.
First, the criteria for triggering notice
under the model law are broader. Notice
under the model law is required if the
insurer is domiciled in the state in which
the model law was enacted; or if the
licensee reasonably believes that the NPI
involved is of 250 or more consumers
residing in the state, and either: (a) the
licensee is required to provide notice of
the cybersecurity event to any government body, self-regulatory agency or
any other supervisory body pursuant to
any state or federal law; or (b) there is a
"reasonable likelihood" of the cybersecurity event materially harming: (i) any
consumer residing in the state; or (ii) any
material part of the normal operations
of the licensee. Under the NYDFS cyber
regulations, notice is required only if the
cybersecurity event requires notice to any
government body, self-regulatory agency
or any other supervisory body; or if the
cybersecurity event has a "reasonable

likelihood" of materially harming any
covered entity's normal operations.
Second, the model law has a narrower definition for cybersecurity event.
Whereas the NYDFS cyber regulations
defines a cybersecurity event as "means
any act or attempt, successful or unsuccessful, to gain unauthorized access to,
disrupt or misuse an Information System
or information stored on such Information
System," the model law defines the term
as "an event resulting in unauthorized
access to, disruption or misuse of, an
Information System or information stored
on such Information System" (emphasis
added). Under the model law, a licensee
also must conduct an investigation if it
learns that a cybersecurity event occurred
or may have occurred in a system maintained by one of its third-party vendors.
Any investigation must be geared
toward determining: (1) whether a cybersecurity event occurred; (2) the nature
and scope of the event; (3) the NPI implicated or compromised; and (4) necessary
measures to restore the security of the
licensee's information systems.

13/12/17 02:00


http://www.asg-adj.com http://www.asg-adj.com

Table of Contents for the Digital Edition of WIN Magazine - Fall 2017

Do Hurricanes Have a Silver Lining?
Underwriting Marijuana
The Cyber Insurance Conundrum
Writing Data Security Into Law
Gauging Risk, Reaping Reward
Simply Seamless
Moving to the Cloud: 3 Migration Strategy Models and the 6 R’s.
In the WIN-NER’s Circle
WIN Magazine - Fall 2017 - Intro
WIN Magazine - Fall 2017 - bellyband1
WIN Magazine - Fall 2017 - bellyband2
WIN Magazine - Fall 2017 - cover1
WIN Magazine - Fall 2017 - cover2
WIN Magazine - Fall 2017 - 3
WIN Magazine - Fall 2017 - 4
WIN Magazine - Fall 2017 - 5
WIN Magazine - Fall 2017 - 6
WIN Magazine - Fall 2017 - 7
WIN Magazine - Fall 2017 - 8
WIN Magazine - Fall 2017 - 9
WIN Magazine - Fall 2017 - 10
WIN Magazine - Fall 2017 - 11
WIN Magazine - Fall 2017 - Do Hurricanes Have a Silver Lining?
WIN Magazine - Fall 2017 - 13
WIN Magazine - Fall 2017 - 14
WIN Magazine - Fall 2017 - 15
WIN Magazine - Fall 2017 - 16
WIN Magazine - Fall 2017 - Underwriting Marijuana
WIN Magazine - Fall 2017 - 18
WIN Magazine - Fall 2017 - 19
WIN Magazine - Fall 2017 - 20
WIN Magazine - Fall 2017 - 21
WIN Magazine - Fall 2017 - 22
WIN Magazine - Fall 2017 - 23
WIN Magazine - Fall 2017 - The Cyber Insurance Conundrum
WIN Magazine - Fall 2017 - 25
WIN Magazine - Fall 2017 - Writing Data Security Into Law
WIN Magazine - Fall 2017 - 27
WIN Magazine - Fall 2017 - 28
WIN Magazine - Fall 2017 - 29
WIN Magazine - Fall 2017 - 30
WIN Magazine - Fall 2017 - Gauging Risk, Reaping Reward
WIN Magazine - Fall 2017 - 32
WIN Magazine - Fall 2017 - 33
WIN Magazine - Fall 2017 - 34
WIN Magazine - Fall 2017 - 35
WIN Magazine - Fall 2017 - Simply Seamless
WIN Magazine - Fall 2017 - 37
WIN Magazine - Fall 2017 - Moving to the Cloud: 3 Migration Strategy Models and the 6 R’s.
WIN Magazine - Fall 2017 - 39
WIN Magazine - Fall 2017 - In the WIN-NER’s Circle
WIN Magazine - Fall 2017 - 41
WIN Magazine - Fall 2017 - 42
WIN Magazine - Fall 2017 - cover3
WIN Magazine - Fall 2017 - cover4
WIN Magazine - Fall 2017 - outsert1
WIN Magazine - Fall 2017 - outsert2
WIN Magazine - Fall 2017 - outsert3
WIN Magazine - Fall 2017 - outsert4
https://www.nxtbook.com/naylor/AMGQ/AMGQ0118
https://www.nxtbook.com/naylor/AMGQ/AMGQ0417
https://www.nxtbook.com/naylor/AMGQ/AMGQ0317
https://www.nxtbook.com/naylor/AMGQ/AMGQ0217
https://www.nxtbook.com/naylor/AMGQ/AMGQ0117
https://www.nxtbook.com/naylor/AMGQ/AMGQ0416
https://www.nxtbook.com/naylor/AMGQ/AMGQ0316
https://www.nxtbook.com/naylor/AMGQ/AMGQ0216
https://www.nxtbook.com/naylor/AMGQ/AMGQ0116
https://www.nxtbook.com/naylor/AMGQ/AMGQ0415
https://www.nxtbook.com/naylor/AMGQ/AMGQ0315
https://www.nxtbook.com/naylor/AMGQ/AMGQ0215
https://www.nxtbook.com/naylor/AMGQ/AMGQ0115
https://www.nxtbook.com/naylor/AMGQ/AMGQ0414
https://www.nxtbook.com/naylor/AMGQ/AMGQ0314
https://www.nxtbook.com/naylor/AMGQ/AMGQ0214
https://www.nxtbook.com/naylor/AMGQ/AMGQ0114
https://www.nxtbook.com/naylor/AMGQ/AMGQ0413
https://www.nxtbook.com/naylor/AMGQ/AMGQ0313
https://www.nxtbook.com/naylor/AMGQ/AMGQ0213
https://www.nxtbook.com/naylor/AMGQ/AMGQ0113
https://www.nxtbookmedia.com