19 October 2017
visit www.avoka.com

New York cybersecurity rules to come into force on 1 March

22 February 2017  |  3156 views  |  0 Source: NYDFS

Governor Andrew M. Cuomo today announced the first-in-the-nation cybersecurity regulation to protect New York’s financial services industry and consumers from the ever-growing threat of cyber-attacks will take effect on March 1, 2017.

The final regulation requires banks, insurance companies, and other financial services institutions regulated by the Department of Financial Services to establish and maintain a cybersecurity program designed to protect consumers’ private data and ensure the safety and soundness of New York’s financial services industry.

"New York is the financial capital of the world, and it is critical that we do everything in our power to protect consumers and our financial system from the ever increasing threat of cyber-attacks," Governor Cuomo said. "These strong, first-in-the-nation protections will help ensure this industry has the necessary safeguards in place in order to protect themselves and the New Yorkers they serve from the serious economic harm caused by these devastating cyber-crimes."

New York State Department of Financial Services Superintendent Maria T. Vullo said, “With this landmark regulation, DFS is ensuring that New York consumers can trust that their financial institutions have protocols in place to protect the security and privacy of their sensitive personal information. As our global financial network becomes even more interconnected and entities around the world increasingly suffer information breaches, New York is leading the charge to combat the ever-increasing risk of cyber-attacks.”

The final risk-based regulation includes certain regulatory minimum standards while encouraging firms to keep pace with technological advances. The new regulation provides important protections to prevent and avoid cyber breaches, including:

Controls relating to the governance framework for a robust cybersecurity program including requirements for a program that is adequately funded and staffed, overseen by qualified management, and reported on periodically to the most senior governing body of the organization;
Risk-based minimum standards for technology systems including access controls, data protection including encryption, and penetration testing;
Required minimum standards to help address any cyber breaches including an incident response plan, preservation of data to respond to such breaches, and notice to DFS of material events; and
Accountability by requiring identification and documentation of material deficiencies, remediation plans and annual certifications of regulatory compliance to DFS.

Manhattan District Attorney Cyrus R. Vance, Jr., said, “As Manhattan District Attorney, I know that defeating cybercrime requires not only prosecuting it, but taking necessary actions to prevent it. DFS’s cybersecurity regulation will be a crucial tool in the ongoing battle against cyber-crime and identity theft by mandating that New York’s financial services industries adopt and put in place robust and appropriate controls to detect, thwart and report cyber incidents.”

Richard Clarke, Chairman and CEO, Good Harbor Consulting, LLC and Governor’s Cyber Security Advisory Board Member, said, “New York State recognizes how critical it is to safeguard the financial services industry from the ever-growing threat of cyber-attacks. With this regulation, DFS is leading the nation in promulgating strong minimum standards to protect regulated entities and the consumers they serve.”

DFS carefully considered all comments submitted during a 45-day comment period following the publication of the proposed regulation in September 2016 and a 30-day comment period following the publication of the updated proposed regulation in December 2016. Suggestions that DFS deemed appropriate were incorporated in the final regulation.

The regulation will be become effective upon publication in the New York State Register on March 1, 2017.

Comments: (0)

Comment on this story (membership required)

Related blogs

Create a blog about this story (membership required)
visit www.fivedegrees.nlvisit www.vasco.com

Top topics

Most viewed Most shared
Ripple looks to drive bank adoption with $300m XRP rebate programmeRipple looks to drive bank adoption with $...
15785 views comments | 12 tweets | 4 linkedin
Swift positive on blockchain, but big challenges remainSwift positive on blockchain, but big chal...
8945 views comments | 16 tweets | 22 linkedin
satelliteGates Foundation backs Ripple collaboratio...
8031 views comments | 13 tweets | 10 linkedin
IBM uses blockchain to improve cross-border payments processingIBM uses blockchain to improve cross-borde...
7135 views comments | 9 tweets | 17 linkedin
Santander InnoVentures leads $6m funding round for Mexico's ePesosSantander InnoVentures leads $6m funding r...
6280 views comments | 6 tweets | 3 linkedin

Featured job

Competitive base, double ote, benefits
London, UK

Find your next job