News by sections

News by region
Issue archives
Archive section
Emerging talent
Emerging talent profiles
Domicile guidebook
Guidebook online
Search site
Features
Interviews
Domicile profiles
Generic business image for news article Image: Shutterstock

13 March 2017
New Jersey
Reporter Mark Dugdale

Captives must maintain cyber vigilance

Certain captive insurers and risk retention groups (RRGs) must remain vigilant against cyber threats, despite exemption from the new rules in effect in New York, according to A.M. Best.

The rating agency warned in a new briefing that it has been heightening its focus on cyber liability, which now forms part of its assessment of a company’s risk management practices.

“Understanding a company’s vulnerabilities and the safeguards to deal with potential cyber threats is a subset of A.M. Best’s view of a company’s enterprise risk management,” the rating agency explained in a foreword to the briefing.

Pure captives, industrial insured group captives and RRGs were among those exempted from the final New York State Department of Financial Services (NYDFS) cyber security rules, which went into effect on 1 March.

Exempt insurers still need to file a certificate of exemption with the NYDFS within 30 days.

The new rules require banks, insurance companies and other financial services institutions regulated by the NYDFS to establish and maintain cyber security programmes designed to protect consumers’ private data and ensure industry safety.

Requirements include conducting periodic risk assessments, maintaining a cyber security programme based on the risk assessment, complying with governance and staffing requirements, and providing regular cyber security awareness training.

Error querying database