Skip Ribbon Commands
Skip to main content
Oct 11
Big I NY Urges Veto on Costly Wrongful Death Bill

VETO.png
Big I NY and a coalition of 34 other business organizations urged Gov. Kathy Hochul this week to veto legislation that would lead to skyrocketing wrongful death lawsuit awards and increased insurance costs for all New Yorkers.  

In a letter to the Governor, the coalition pointed to the severe economic implications that would result from the passage of A.9232B/S.8485B​ (aka Wrongful Death/Grieving Families Act) and the impact that it would have on New York families and businesses.  The coalition letter notes that, if enacted into law, personal auto and small business insurance premiums are expected to increase by 6% and 10.9%, respectively.  

Gov. Hochul has twice vetoed​ the wrongful death expansion where she cited the impact it would have on the cost of insurance of all types, especially the healthcare sector.  The bill expands the types of compensation available to family members in a wrongful death claim to include subjective and difficult to define elements like grief, emotional anguish, and loss of companionship.  It would also apply retroactively to January 1, 2021.  

These and other components of the bill inject extreme uncertainty into the insurance environment and will drive costs for all consumers.  The legislation is not expected to be acted upon until after the November 5 election.  The letter and a news article reporting on the effort can be viewed HERE

Oct 03
DFS Cybersecurity Alert: Hackers Infiltrating Help Desks

call-center-8643476_640.jpg

The New York State Department of Financial Services (DFS) last week warned all financial services companies of a new cybersecurity threat targeting information technology (IT) help desks and service centers. A letter dated September 27, 2024 stated, "DFS has seen evidence that threat actors are targeting IT help desks and call centers using, among other tactics, voice-altering technology in conjunction with information obtained on the internet about the identities of personnel to convince help desks to reset passwords and divert multi-factor authentication (MFA) to new devices."

DFS urged all entities it regulates to alert help desk and service center staff  to be diligent in authenticating the identities of anyone who requests changes to authentication factors. While most Big I New York members do not have help desks, many do use insurance carrier call centers. You may find that the call centers' staff will take more steps to verify your identity when you contact them than they did before. This will likely be because of this new DFS alert. You should anticipate this when contacting them.

Oct 03
Deadline For New Cybersecurity Reg Requirements is Nov. 1

cyber-security-1802603_640.png

We want to remind all Big I New York members of the upcoming deadline for complying with new cybersecurity requirements. The New York State Department of Financial Services (DFS) last November 1 amended its Cybersecurity Requirements for Financial Services Companies regulation. That amendment included several changes. Some of the changes took effect immediately. The deadlines for others were this past spring, with the deadlines for the rest next month and next year.

Many of the regulation's 24 sections do not apply to businesses that qualify for the “limited exemption." A business qualifies for the limited exemption if any one of the following three things are true about that business:

  • The business and its affiliates have fewer than 20 employees and independent contractors.
  • The business and its affiliates generated less than $7.5 million in gross annual revenue in each of the last three fiscal years from all operations (count only the New York State operations of affiliates.)
  • The business and its affiliates have less than $15 million in year-end total assets.

Most Big I New York members qualify for the limited exemption.

DFS sent an email to all New York licensed insurance professionals earlier this week reminding them of these deadlines. However, only two apply to all “covered entities" (the regulation's term for anyone with a New York banking, financial services, or insurance charter or license.) The other three apply only to businesses that do not qualify for the limited exemption and so-called “Class A companies" (very large companies with revenues in the tens of millions and more than 2,000 employees.)

The two November 1 deadlines that apply to all covered entities are:

1. Use multi-factor authentication (MFA) for any individual accessing the entity's information systems. However, agencies that qualify for the limited exemption must use it only for:

  • Remote access to the agency's computer systems.
  • Remote access to third-party applications from which individuals can access non-public information.
  • All “privileged accounts" (essentially system administrator accounts) other than service accounts that prohibit interactive login.

If your agency has not already implemented MFA and you need help, agency technology consulting firm Catalyit offers these resources:

Membership in Catalyit is free for Big I New York members, so we encourage all members to register.

2. Provide, at least annually, cybersecurity awareness training that includes social engineering for all personnel. The training should be updated as needed to reflect the risks the agency has identified during its annual cybersecurity risk assessment.

The Compliance Resources page in the Cybersecurity section of our website lists these potential providers of cybersecurity awareness training.

All covered entities, including agencies that qualify for the limited exemption, must comply with these requirements by November 1, 2024.

The deadlines that apply only to larger organizations involve cybersecurity reports to an entity's senior governing body, changes to encryption requirements, and changes to incident response and business continuity management requirements. These requirements do not apply to agencies that qualify for the limited exemption.

For more information:

 ‭(Hidden)‬ Blog Tools