Publications

(Article from Insurance Law Alert, February 2021)

For more information, please visit the Insurance Law Alert Resource Center.

As ransomware attacks and other cyber incidents continue to proliferate, New York’s Department of Financial Services urged insurers to develop a “rigorous and data driven approach to cyber risk.” The Department recommended guidelines and best practices, including careful vetting of policyholder risk, the establishment of comprehensive risk strategy, retention of cybersecurity experts and stringent notice requirements for cyber incidents in insurance policies. Although the guidelines are not binding, the Department warned that insurers’ failure to adequately assess cyber risks could adversely impact the insurance market overall. In addition, the Department emphasized the rising incidence of ransomware attacks in particular, cautioning insurers that they may be held liable for ransom payments made to sanctioned entities pursuant to formal advisories issued by the Office of Foreign Assets Control in October 2020. See October 2020 Alert.