White Papers

Five Pitfalls for Financial Organizations in Complying with the New York DFS Cybersecurity Regulation

Issue link: https://resources.edgile.com/i/1038284


Edgile

"It is critical for all regulated institutions that have not yet done so to move swiftly and urgently to adopt a cybersecurity program and for all regulated entities to be subject to minimum standards with respect to their programs. The number of cyber events has been steadily increasing and estimates of potential risk to our financial services industry are stark."
— New York State Department of Financial Services 23 NYCRR 500

Introduction

Tougher rules from various regulatory bodies and governmental agencies are causing fundamental shifts in the way financial organizations establish and sustain IT risk management policies and practices. The new cybersecurity regulation from New York's Department of Financial Services (NYDFS) is a prime example.

The NYDFS Cybersecurity Regulation not only increases the stringency and rigor of cybersecurity for financial institutions, but also broadens the scope. The regulation language suggests that financial institutions can no longer restrict their data security policies to retail-facing consumer information. They must now also protect all non-public information, including commercial accounts.

Many financial institution executives have been hoping to see a walk-back of certain regulatory demands imposed on them in recent years as a result of the new administration in the White House. But no matter what happens in Washington, D.C., institutions will still have to comply with New York's DFS Cybersecurity Regulation requirements.

Meeting the Demands of Cybersecurity Regulation Requirements
