"New Cyber Rules for New York Financial Firms Signal Nationwide Changes"

In August, the New York Department of Financial Services (NYDFS) proposed new amendments to help increase its cybersecurity requirements for financial institutions headquartered in the state, signaling the possibility of heightened regulations for all US banks. In regard to codifying cybersecurity and other regulatory rules for financial institutions, New York has long been a pacesetter. Since 2015, New York state has taken the lead in developing cybersecurity regulations and guidance for financial institutions. The NYDFS played a significant role in settling cybersecurity rules and guidance in 2017. The cybersecurity landscape has evolved since then, and the Draft Amendments demonstrate that the NYDFS continues to take a forward-leaning role in bolstering cybersecurity practices. Recent NYDFS proposals raised expectations for senior leaders, heightened technology requirements, expanded the set of events covered by the mandatory 72-hour notification requirements, and more. Furthermore, the amended regulations would create a new class of entities that would be subject to increased obligations for their cybersecurity programs. The definition of a cybersecurity program has also been expanded to cover nonpublic information stored on information systems. This article continues to discuss the key provisions of the NYDFS amendments. 

SC Magazine reports "New Cyber Rules for New York Financial Firms Signal Nationwide Changes"