On September 3, another set of New York's cybersecurity regulations under 23 NYCRR 500 went into effect after an 18-month transitional period. The regulations, 23 NYCRR 500, require insurers who write policies in New York to encrypt customers' nonpublic information both in transit and at rest. Insurers also are required to maintain audit trails of all financial transactions that take place on their networks, as well as audit trails to detect and respond to a data breach.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.