On July 22, the New York State Department of Financial Services announced cybersecurity charges against First American Title Insurance Company. Many regulated companies in New York are wondering if this could be the beginning of a wave of enforcement actions.
As Jeff Alberts, Co-Chair of the Financial Institutions Group, discusses in this video, it has been several years since the NYDFS promulgated its Cybersecurity Regulation, Part 500 of Title 23 of the New York Codes, Rules, and Regulations. During that time, many institutions have complained about the ambiguity of that regulation and the difficulty of fully complying with it. The NYDFS appears to have given the companies a few years to become fully compliant before imposing penalties on them.
Check out this video to hear Jeff's thoughts on what led to these charges against First American, which is one of the largest providers of title insurance in the United States. Jeff also discusses what regulated companies can do to reduce the risk of facing an enforcement action for violating Part 500.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.