{"id":269541,"date":"2026-06-10T14:30:00","date_gmt":"2026-06-10T18:30:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/06\/10\/what-a-2-25m-ny-cybersecurity-settlement-means-for-businesses-your-4-step-action-plan-fisher-phillips\/"},"modified":"2026-06-10T14:35:11","modified_gmt":"2026-06-10T18:35:11","slug":"what-a-2-25m-ny-cybersecurity-settlement-means-for-businesses-your-4-step-action-plan-fisher-phillips","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/06\/10\/what-a-2-25m-ny-cybersecurity-settlement-means-for-businesses-your-4-step-action-plan-fisher-phillips\/","title":{"rendered":"What a $2.25M NY Cybersecurity Settlement Means for Businesses: Your 4-Step Action Plan | Fisher Phillips"},"content":{"rendered":"<p><a href=\"https:\/\/www.jdsupra.com\/legalnews\/what-a-2-25m-ny-cybersecurity-5145998\/\">What a $2.25M NY Cybersecurity Settlement Means for Businesses: Your 4-Step Action Plan | Fisher Phillips<\/a><\/p>\n<p><a href=\"https:\/\/www.jdsupra.com\/legalnews\/what-a-2-25m-ny-cybersecurity-5145998\/\">https:\/\/www.jdsupra.com\/legalnews\/what-a-2-25m-ny-cybersecurity-5145998\/<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-06-10 14:30:00<\/a><\/p>\n<p>Source Domain: <a href=\"www.jdsupra.com\">www.jdsupra.com<\/a><\/p>\n<p><span aria-label=\"Fisher Phillips image widget\" contenteditable=\"false\" role=\"region\" tabindex=\"-1\"><span title=\"Click and drag to resize\">\u200b<\/span><\/span><\/p>\n<p>A recent $2.25 million settlement between an insurance company and the state of New York presents a cautionary tale for businesses in the Empire State. The New York State Department of Financial Services (NYDFS) found that the company\u2019s incident response plan was inadequate and allowed threat actors to access New Yorkers\u2019 personal information. Settlements between state cyber regulators and impacted organizations are often the result of the organizations\u2019 missteps following a breach. In this case, NYDFS not only found that the company failed to meet reporting requirements following a cyber incident, but also that its preventative measures were deficient. Here\u2019s why that\u2019s important and what your organization should do to avoid similar sanctions.<\/p>\n<p><strong>The Significance of the Settlement<\/strong><\/p>\n<p>The insurance company agreed to settle the state\u2019s claims after an NYDFS investigation concluded that the insurance company\u2019s preventative cybersecurity policies and practices that were in place before the breach failed to satisfy the state\u2019s regulatory threshold. The state also found that the company failed to report the breach to officials in a timely manner. NY\u2019s Cybersecurity Regulation requires covered entities to notify regulators of a cybersecurity incident \u201cpromptly\u201d and no later than 72 hours after a determination that a reportable event has occurred.<\/p>\n<p>Specifically, the state said the insurance company\u2019s cybersecurity posture did not meet requirements related to retention settings, controls, procedures, and policies that exist to protect the information systems and consumer data of regulated financial institutions, according to the April 30 settlement.<\/p>\n<p><strong>Key issues identified by investigators:<\/strong><\/p>\n<ul>\n<li>No set policies or procedures for the periodic and secure disposal of non-public information that is no longer necessary for business operations or for other legitimate business purposes.<\/li>\n<li>No written or implemented policy addressing incident&#8230;<\/li>\n<\/ul>\n<p><a href=\"https:\/\/www.jdsupra.com\/legalnews\/what-a-2-25m-ny-cybersecurity-5145998\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>What a $2.25M NY Cybersecurity Settlement Means for Businesses: Your 4-Step Action Plan | Fisher&#8230;<\/p>\n","protected":false},"author":1,"featured_media":269542,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/jdsupra-static.s3.amazonaws.com\/profile-images\/og.7295_0824.jpg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[30],"class_list":["post-269541","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-breach"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/269541"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=269541"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/269541\/revisions"}],"predecessor-version":[{"id":269544,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/269541\/revisions\/269544"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/269542"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=269541"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=269541"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=269541"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}