Eight auto insurers failed to meet the requirements of New York’s cybersecurity regulations during widespread online attacks in 2021 and will pay $19 million under consent orders with the New York State Department of Financial Services (NYDFS).
New York State’s Cybersecurity Regulation (CR), which took effect in 2017 and was amended in 2023, requires many financial firms and insurers to implement and maintain cybersecurity controls aimed at safeguarding consumer data.
