On March 26, 2015, Benjamin Lawsky, Superintendent of the New York State Department of Financial Services (DFS), sent a letter to the CEOs, General Counsel, and Chief Information Officers of all insurers doing business in the state to inform them of a mandatory cybersecurity questionnaire and the initiation of targeted cybersecurity examinations. Approximately 160 insurers […]
Regulation
FFIEC Issues Warnings on Malware and Cyber Attacks
The Federal Financial Institutions Examination Council (FFIEC) has issued two joint statements warning of specific cyber risks. The warnings, which were issued on March 30, 2015, address risks arising from destructive malware, which can destroy sensitive data, and cyber-attacks that compromise user credentials. In both statements, the FFIEC also provides guidance on how to mitigate […]
President Obama Signs Executive Order Authorizing Sanctions for Cyber Attacks, Use of Stolen Data
On April 1, 2015, the White House unveiled Executive Order 13694, which authorizes the Treasury Department to sanction entities outside of the United States that engage in “cyber-enabled activities” that are “reasonably likely to result in, or have materially contributed to, a significant threat to the national security, foreign policy, or economic health or financial […]
FCC Advisory Group Issues Cyber Risk Management Report
On March 18, the Federal Communications Commission (“FCC”) approved the Final Report on cybersecurity risk management and best practices issued by Working Group 4 (“WG4”) of its Communications, Security, Reliability, and Interoperability Council (“CSRIC”). The CSRIC, currently in its fourth assembly, is an advisory committee tasked with providing recommendations to the FCC to achieve “among […]
Montana Broadens Data Breach Notification Law
Montana has amended the state’s data breach notification law to both broaden the definition of “personal information” that triggers individual notice and to require notice to the state’s attorney general. The changes become effective on October 1, 2015. Montana has joined several other states, including California and Florida, that include medical-related information in the definition […]