Hot Topic



New Requirements for EVERY Agency

The NYS Department of Financial Services (DFS) has new cybersecurity rules that every agency must follow.  Failure to do so will result in fines. 


Exclusively for IIABNY members: Watch helpful videos on the cybersecurity regulation here.

What do you need to do? 
Start here. We'll walk you through it.

STEP 1  |  Determine if you qualify for a limited exemption

Your agency qualifies for a limited exemption if any of the following apply to it:

  • Fewer than 10 employees (including independent contractors)
  • Less than $10 million in year-end total assets 
  • Less than $5 million in gross revenue

We at IIABNY are very proud of the hard work and great success we had in expanding the limited exemption, thus allowing more agencies to be included in it and drastically reducing the hardship it presents.

Note: A limited exemption does not get you completely off the hook, but it drastically reduces the number of required actions.  

't qualify for the limited exemption? Don't worry, we will help you comply.

STEP 2  |  Complete the round 1 requirements by August 28

Complete the following actions by August 28, 2017 

Agencies with Limited Exemption

  • File notice of limited exemption with DFS (you have 30 days from this date to submit)How: Complete online filing


All Agencies (including those with limited exemption)

encies WITHOUT Exemption Must Also

  • Develop an incident response plan
  • Employ cybersecurity personnel

Note - Many agencies would benefit from the guidance of a cybersecurity professional. We connected with providers across NY to learn which areas each can lend expertese to. The result - a grid of providers for you to choose the right fit for your agency.  View the directory

STEP 3  |  Annual Certification of Compliance

Completing steps 1 and 2 will fulfill your requirements for 2017.  Yay! 

Mark February 15, 2018 on your calendar (and every February 15 in the future)  That is when you must file your first annual certification of compliance. You will file it the same way you filed your limited exemption – online at the DFS website. You will be certifying that you are in compliance with the DFS Cybersecurity Regulation each year.


Extras: Tips to be cyber-smart


Protect Your Agency's Data (Agents Council For Technology)

Cyber Liability Coverage for Your Agency

Cyber Coverage by the Numbers (A.M. BestTV video)

Guiding Principles for Cybersecurity



Kathleen Weinheimer

Kathleen WeinheimerSenior Vice President of Industry Relations
P: 800-962-7950 EXT: 239
F: 315-432-0510