New York wants to ensure that insurance companies are undertaking best efforts to keep the vast amount of personal information they collect away from the hands (or, in this case, the eyes) of hackers. In that vein, Governor Andrew Cuomo announced on May 28 that the state Department of Financial Services (DFS) was launching an inquiry into what measures regulated insurance companies have in place to thwart cyber threats. The DFS sent “308 Letters” (so-called because they are authorized by Section 308 of the New York Insurance Law) to the largest insurers that it regulates seeking information on their cybersecurity policies and procedures. The insurers are legally required to respond. The inquiry, which follows a similar inquiry made to banks earlier this year, seeks a wide range of information from recipients, including information on any cyberattack that they have suffered in the past three years; what safeguards, IT management policies, and internal control policies they have in place to protect against cyber threats; and how many resources and funds they devote to cybersecurity.