New York: NYDFS Further Enhances Its Cybersecurity Regulations
When the New York Department of Financial Services (NYDFS) first promulgated its cybersecurity regulations in March 2017 (the Cybersecurity Regulations), these were widely considered the most prescriptive requirements imposed on financial institutions nationwide. The Cybersecurity Regulations aimed to address constantly evolving cyber threats and enhance the financial industry's cybersecurity practices to reflect the reality that the cybersecurity landscape is changing rapidly with the increased sophistication of threat actors, rising prevalence of cyberattacks (including ransomware), higher remediation costs, and the proliferation of cybersecurity solutions and tools.
Moving the bar even further, the NYDFS has chosen to further enhance the Cybersecurity Regulations with recent updates announced on November 1, 2023. For those financial institutions subject to the NYDFS Cybersecurity Regulations, understanding the latest changes will be crucial to ensure compliance with these regulatory expectations in the coming years. Kim Phan, partner at Troutman Pepper Hamilton Sanders LLP, highlights the recent amendments.