New York’s Department of Financial Services (DFS) has been quite active in requiring its licensees to comply with its Cybersecurity Rule (“Rule”). Effective March 1, 2017, the DFS promulgated a regulation implementing the Rule.
I published a White Paper about the Rule in advance of its effective compliance date, entitled
Cybersecurity Guidelines –
“First-in-the-Nation” Regulation
You’re welcome to download it HERE.
From its inception, the DFS requires individuals and entities to comply with the Rule. These are called “Covered Entities.” A Covered Entities include, but are not limited to, partnerships, corporations, branches, agencies, and associations operating under, or required to operate under, a license, registration, charter, certificate, permit, accreditation, or similar authorization under the banking law, the insurance law, or the financial services law.
I agree that the DFS influences other state banking departments vis-à-vis cybersecurity regulations. Now, the DFS is proposing to update the Rule. So, it’s a good time to anticipate policy and procedure revisions. Even if the proposed Amendments (“Amendments”) are not adopted in full or at all, given the rapidly evolving cyber threat landscape and, in particular, the growing prevalence of ransomware incidents, many aspects of the Amendments reflect Best Practices.
