Brian Montgomery is a partner at Pillsbury and a former NYDFS deputy superintendent. Mark Krotoski is a partner at Pillsbury and former national coordinator for the Computer Hacking and Intellectual Property Program at the Department of Justice. In an article on Bloomberg Law, they write:
Cybersecurity regulations can be a constantly moving target, with digital advances and sophisticated threat actors appearing at every turn. New York State’s Department of Financial Services made significant moves last November toward boosting the state’s regulatory framework around these distinct challenges.
With the approach of the new regulations’ first anniversary—marking the effective date for several of the most important new compliance requirements—companies should stay vigilant as cyberattacks and security breaches become an increasing concern.
NYDFS regulates more than 3,000 financial institutions with assets totaling more than $9.7 trillion including insurance companies, health insurers and managed care organizations, banking and other financial institutions, and virtual currency companies, among others.
The latest regulations from 2023 update a 2017 version of the NYDFS cybersecurity regulation to create more rigorous reporting, incident response, and governance standards. Also, a new category was included for large Class A firms. The requirements under the amendment are being phased in.
Is your business ready to manage cybersecurity events including ransomware attacks? Key steps can guide your response plan under New York’s new requirements.
Read more at Bloomberg Law.
