Leading the way
EDITOR'S NOTE: Sheryl Devore is a copy editor for OnCourse Learning. She has more than 25 years of writing and editing experience for regional and national publications.
New York plans to implement stricter new mandatory cybersecurity standards for financial services companies in 2017, which could become a model for the nation.
The proposed rule, by the New York Department of Financial Services, is the first in the nation to require financial service institutions to “establish and maintain a cybersecurity program designed to protect consumers and ensure the safety and soundness of New York State’s financial services industry,” according to a recent news release by the New York DFS. The rule was scheduled to take effect March 1 and companies will have until Sept. 1 to comply.
“From the moment it goes into effect, the DFS cybersecurity regulation will raise the bar for U.S. cybersecurity compliance standards,” said cybersecurity attorney Michael Gottlieb in a recent online New York Law Journal article. “Other regulators may follow suit with increasingly specific and stringent requirements,” said Gottlieb, a partner at Boies, Schiller & Flexner. The regulations, which have been called even more stringent than federal regulations, affect New York-based financial institutions, including banks, insurance companies and firms with branch offices in the state. “New Yorkers must be confident that the banks, insurance companies and the other financial institutions that they rely on are securely handling and establishing necessary protocols that ensure the security and privacy of their sensitive personal information,” New York DFS Superintendent Maria T. Vullo said in the DFS release.
Raising the bar
Proposed requirements
The DFS proposed the cybersecurity regulations in September 2016, and revised them after receiving more than 150 comments. The DFS changed the effective date from Jan. 1, 2017 to March 1, 2017, giving companies until Sept. 1 to comply. The policy did not change the Feb. 15, 2018 deadline for regulated companies to submit a certificate of compliance to the DFS. The revised regulations also provide more flexibility for individual cybersecurity programs, according to a National Law Review article published online in January 2017. The DFS planned to review more comments on its revised regulations. The American Insurance Association said it was encouraged by the revisions, according to a Jan. 31 statement issued by Alison Cooper, northeast region vice president. “The revised regulation better reflects a risk-based approach and allows greater flexibility for companies to continue to advance strong cybersecurity programs that fit their risk profile,” Cooper said in the statement. Another change relaxed the mandate to report cybersecurity events, but the revised rules would still require firms to file annual statements of their updated security plans, according to the New York Law Journal article.
“New York, the financial capital of the world, is leading the nation in taking decisive action to protect consumers and our financial system from serious economic harm that is often perpetrated by state-sponsored organizations, global terrorist networks, and other criminal enterprises.”
— Gov. Andrew Cuomo said in a September 2016 statement
Some of the proposed requirements for financial institutions include:
Create a written cybersecurity policy, which needs to be approved by senior management.
Designate a chief information security officer.
Train employees on cybersecurity issues.
Create an incident response plan and notify authorities.
Though the final rule could be revised yet again, the law firm of Holland & Knight advised affected companies in New York to take action now. The rule “is not one that can simply be turned over to the information security team in most entities,” according to a recent Holland & Knight online newsletter article written by Christopher G. Cwalina, Scott T. Lashway, Norma M. Krayem and Kaylee A. Cox. The firm has offices throughout the U.S., including in New York. “The regulation sets forth an enterprise-level approach to managing cyber risk, including by expressly imposing responsibility for the cybersecurity program on senior management,” the authors wrote. The authors recommended that management in affected companies prepare for the new rule by taking the following actions:
Assess security governance and controls with an attorney’s advice.
Identify roles and responsibilities within staff.
Determine and remediate security gaps.
New York establishes first-of-its-kind cybersecurity standards
© 2017 OnCourse Learning Corp. All rights reserved
By Sheryl DeVore