International insurance group strengthens cybersecurity program and complies with comprehensive regulations

Representative client

International insurance group domiciled in New York

Client need/request

The client asked Baker Tilly to help identify gaps and develop a roadmap for compliance with the New York State Department of Financial Services (NYS DFS) Cybersecurity Rule (23 NYCRR 500) and the National Institute of Standards and Technology Cybersecurity Framework (NIST CSF). In addition to identifying gaps related to the rule’s requirements, the company wanted to locate opportunities to strengthen its cybersecurity environment.

Baker Tilly approach/tasks

Baker Tilly began with extensive project planning, working with the client to set a scope that adequately reflected its footprint and business activity. Once a plan was established, Baker Tilly conducted onsite fieldwork, testing controls and assessing the state of the internal framework. We analyzed findings to reveal gaps between the company’s cybersecurity system and its regulatory obligations. We categorized findings into strengths and weaknesses for reporting purposes.


Baker Tilly developed a remediation roadmap that directly connected gaps in the company’s framework to specific requirements in 23 NYCRR 500 and the NIST CSF, clearly delineating the gaps that existed and the recommended activities for closing each gap.
