The New York financial services cybersecurity regulation requires covered entities, including insurance agencies and brokerages, to perform due diligence on certain third-party service providers to determine their cybersecurity practices. The New York State Department of Financial Services has interpreted this as meaning that agencies and brokerages must perform due diligence on the practices of the insurance carriers with whom they do business. 

The U.S. Securities and Exchange Commission requires publicly traded companies to include descriptions of their cybersecurity programs in their annual financial reports. The list below contains links to the reports major insurance carrier groups made in the winter of 2024 of their 2023 results.