NYDFS Updates Its Cybersecurity Regulation to Protect Against Growing Cyber Threats
Time 2 Minute Read
Categories: Cybersecurity, Financial Privacy, Information Security

On November 1, 2023, New York Governor Hochul announced that the New York State Department of Financial Services (“NYDFS”) amended its Cybersecurity Regulation applicable to covered financial institutions. Our previous blog post covered key proposed changes to the Cyber Regulation.

The NYDFS, which regulates financial institutions including insurance companies, mortgage brokers and banks, adopted the original Cybersecurity Regulation in 2017. The new amendments strengthen the initial framework and require NYDFS-regulated entities to adhere to a number of additional prescriptive data security requirements, including adopting controls to prevent unauthorized access to information systems, conducting more regular risk assessments, maintaining robust incident response planning procedures, and adhering to updated notification requirements, such as the new requirement to report ransomware extortion payments to NYDFS within 24 hours of the payment.

The amended Cybersecurity Regulation will take effect in phases. Regulated entities generally have until April 29, 2024 to comply with the amended Regulation. Notably, however, the new reporting requirements will take effect sooner, on December 1, 2023. For certain other requirements, regulated entities will have between one and two years to reach compliance. Specific compliance dates can be found on the NYDFS Cybersecurity Resource Center website.

In the coming weeks, NYDFS will host an upcoming series of training sessions on the amended Cybersecurity Regulation to help regulated entities plan for compliance.

Tags: Compliance, New York, Ransomware
Print Email Twitter/X Linkedin Facebook

You May Also Be Interested In

Time 5 Minute Read
How Insurance Fundamentals Drove a Coverage Win for Uber
By and

A recent summary judgment order is a reminder that, in insurance coverage disputes, straightforward arguments can still win the day. In a coverage action arising from dozens of underlying personal injury suits, the court adopted a clear, text-based approach to the duty to defend—and ordered the insurer to provide a defense.

Continue Reading ›
Print Email Twitter/X Linkedin Facebook
Time 3 Minute Read
The Rise of Luxury Gyms: Opportunities and Risks for Landlords
By and

The post-COVID real estate market has seen a surge in luxury gyms and fitness spaces.  Members are willing to shell out several hundred dollars a month for memberships at popular high-end fitness chains. These modern luxury gyms offer more than just workout spaces.  Many offer holistic lifestyle services such as spas, hair salons, social amenities, co-working spaces, and daycare. These luxury gyms are gaining larger footprints and emerging as a unique retail asset.

Continue Reading ›
Print Email Twitter/X Linkedin Facebook
Time 3 Minute Read
New York Proposes Nation-Leading Buy Now, Pay Later Regulations
By and

On Feb. 23, 2026, New York Governor Kathy Hochul announced that the New York Department of Financial Services (“NYDFS”) had published proposed rules implementing the state’s Buy Now, Pay Later (“BNPL”) law.  The proposal would establish the nation’s first comprehensive regulatory framework for the rapidly growing pay-over-time consumer market niche. 

Continue Reading ›
Print Email Twitter/X Linkedin Facebook
Time 2 Minute Read
Fashion Accountability Update: New York Bill Lives On
Fashion Accountability Update: New York Bill Lives On
By , , and

In 2025, four states—California, Massachusetts, New York, and Washington—proposed fashion accountability bills. These bills would require high-earning entities in the fashion industry to conduct extensive supply chain due diligence, and to monitor and report greenhouse gas (GHG) emissions, water use, and chemical management.

Continue Reading ›
Print Email Twitter/X Linkedin Facebook

Search

Subscribe Arrow

Recent Posts

Categories

Tags

Archives

Jump to Page