A08463 Summary:

BILL NOA08463
 
SAME ASNo Same As
 
SPONSORBores
 
COSPNSR
 
MLTSPNSR
 
Add §3114, Ins L
 
Requires policies covering losses or damages from cyberattacks to include a requirement that the insured notify a law enforcement agency before receiving payment for losses or damages suffered as a result of the cyberattack.
Go to top    

A08463 Actions:

BILL NOA08463
 
12/29/2023referred to insurance
01/03/2024referred to insurance
Go to top

A08463 Committee Votes:

Go to top

A08463 Floor Votes:

There are no votes for this bill in this legislative session.
Go to top

A08463 Memo:

NEW YORK STATE ASSEMBLY
MEMORANDUM IN SUPPORT OF LEGISLATION
submitted in accordance with Assembly Rule III, Sec 1(f)
 
BILL NUMBER: A8463
 
SPONSOR: Bores
  TITLE OF BILL: An act to amend the insurance law, in relation to requiring policies covering losses or damages from cyberattacks to include a requirement that the insured notify a law enforcement agency within seventy-two hours of discovery of the cyberattack   PURPOSE OR GENERAL IDEA OF BILL: This bill would encourage reporting eyberattacks to law enforcement by requiring that the insured corporation or business entity notify law enforcement of a. cyberattack before being eligible to receive payment for losses or damages from a cyberattack.   SUMMARY OF PROVISIONS: Section one amends the insurance law to state that insurance policies covering losses or damages from cyberattacks shall require the corpo- ration or business entity to notify law enforcement of the cyberattack before being eligible to receive payment for such losses or damages suffered due to a cyberattack.   JUSTIFICATION: The companies that store your personal information are constantly under attack. This goes beyond your Netflix password - your social security number, your credit card information, and your home address are all targets for hackers online. It is your right to know when your personal information is stolen. Only then can you protect yourself. The problem is that companies often keep hacks under wraps. The FBI's Internet Crime Complaint Center estimated in a 2016 report that only 15% of victims report the crime to law enforcement. Millions of New Yorkers might have their credit card numbers floating around online and not even know. New York State already requires businesses to notify everyone whose information was compromised and relevant government and law enforcement offices once that business discovers it has been the victim of a cyber- attack. As noted above, though, they often do not. In the status quo, it is too easy for a company to get hacked, collect their insurance payout, and never tell anyone. This bill would strengthen the incentive to report cyberattacks to law enforcement. Under this legislation, insurers would be prohibited from reimbursing companies that have been hacked unless the corporation or business entity reports the crime to law enforcement. Under this bill, failing to report a cyberattack finally has a price.   PRIOR LEGISLATIVE HISTORY: This is a new bill.   FISCAL IMPLICATIONS FOR STATE AND LOCAL GOVERNMENTS: None.   EFFECTIVE DATE: This act shall take effect one hundred and eighty days after it shall have become a law.
Go to top

A08463 Text:



 
                STATE OF NEW YORK
        ________________________________________________________________________
 
                                          8463
 
                               2023-2024 Regular Sessions
 
                   IN ASSEMBLY
 
                                    December 29, 2023
                                       ___________
 
        Introduced  by M. of A. BORES -- read once and referred to the Committee
          on Insurance
 
        AN ACT to amend the insurance law, in  relation  to  requiring  policies
          covering  losses or damages from cyberattacks to include a requirement
          that the insured notify a law enforcement  agency  within  seventy-two
          hours of discovery of the cyberattack

          The  People of the State of New York, represented in Senate and Assem-
        bly, do enact as follows:
 
     1    Section 1.  Short title. This act shall be known and may be  cited  as
     2  the "cyber ransom prevention act".
     3    § 2. The insurance law is amended by adding a new section 3114 to read
     4  as follows:
     5    §  3114.  Policies  covering  cyberattacks. Any insurance policy which
     6  provides coverage for losses or damages suffered  by  a  corporation  or
     7  business  entity  following  a cyberattack shall require that the corpo-
     8  ration or business entity shall notify a law enforcement agency  of  the
     9  cyberattack before receiving payment for losses or damages suffered as a
    10  result of such cyberattack.
    11    § 3. This act shall take effect on the one hundred eightieth day after
    12  it shall have become a law.
 
 
 
 
         EXPLANATION--Matter in italics (underscored) is new; matter in brackets
                              [ ] is old law to be omitted.
                                                                   LBD11860-03-3
Go to top

A08463 LFIN:

 NO LFIN
Go to top

A08463 Chamber Video/Transcript:

Go to top