Bloomberg reports:
New York regulators assigned heightened cybersecurity requirements to banks, insurers, and financial services providers based in the state with the release of finalized rule amendments Wednesday.
Covered entities will have to use multifactor authentication, expand cybersecurity governance duties, and conduct consistent threat testing under the regulation updated by the New York Department of Financial Services.
The New York agency is a national leader in cybersecurity regulation, with other state and federal regulators adopting its approach—the Federal Trade Commission notably said its newest breach reporting standards were “based primarily” on rules first established in New York.
Read more at Bloomberg Law.
Note: DFS will host a series of webinars to provide an overview of the amended cybersecurity regulations. Registration details for these training events and compliance timeline are available on the DFS website.