At the direction of New York Governor Andrew Cuomo, the New York Department of Financial Services ("NYDFS") is conducting an investigation on how insurers are protecting customers and companies from cyber threats. On May 28, 2013, the NYDFS exercised its authority under Section 308 of the New York Insurance Law to request special reports from the largest insurance companies that the NYDFS regulates, including Aetna, AIG, MetLife and Progressive. Recipients of the Section 308 letters are required to respond to the NYDFS with information on the policies and procedures they have implemented to protect against cyber attacks.
In response to the inquiry, Insurers must disclose any information on cyber attacks that the company has been subject to in the past three years and the amount of funds and other resources that the company dedicates to cyber security. The NYDFS and the Cyber Security Advisory Board, established by Governor Cuomo in January 2013 will use the information received to ensure that documents submitted to insurers such as health, personal and financial records will be safeguarded from cyber attacks. Governor Cuomo has already taken measures to prevent cyber attacks in banks, but has now turned his attention to insurance companies in order to keep "one eye on the lookout for the next big threat."