Governor Hochul Announces Updates To New York's Nation-Leading Cybersecurity Regulations As Part Of Sweeping Effort To Protect Businesses And Consumers From Cyber Threats
Builds on Governor’s Commitment to Bolstering Cybersecurity Statewide Following Launch of New York’s First-Ever Cybersecurity Strategy
- Enhanced governance requirements;
- Additional controls to prevent initial unauthorized access to information systems and to prevent or mitigate the spread of an attack;
- Requirements for more regular risk and vulnerability assessments, as well as more robust incident response, business continuity, and disaster recovery planning;
- Updated notification requirements including a new requirement to report ransomware payments; and
- Updated direction for companies to invest in at least annual training and cybersecurity awareness programs that anticipate social engineering attacks and that are otherwise relevant to their business model and personnel.
As part of its data-driven approach to cybersecurity, DFS conducted significant outreach through cyber symposiums and conferences and dialogue with state, federal and international regulators, industry, and other experts in the field of cybersecurity. The adopted amendment holds DFS-regulated businesses and licensed entities accountable for implementing cybersecurity protections, and ensuring they maintain cyber defenses appropriate to their size, nature of business, and the type of data maintained, among other relevant considerations while continuing to foster growth of New York’s financial services industry.
Under Governor Hochul's leadership, New York continues to create the national model for smart and effective cybersecurity policy. Earlier this year, the Governor launched the first-ever New York State Cybersecurity Strategy, a comprehensive roadmap to build cyber resilience in every corner of the state. Governor Hochul also launched a nation-leading cybersecurity shared services program to protect county and local government entities, covering more than 65,000 government-owned computers across the state, and expanded the state’s law enforcement cyber capabilities by growing the Computer Crimes Unit, Cyber Analysis Unit, and Internet Crimes Against Children Center at the New York State Police. Last year, Governor Hochul also signed landmark legislation to protect New York's energy grid from cyberattacks. As cyber threats rapidly evolve, New York remains at the cutting edge of cybersecurity policy and continues to strengthen defenses across the public and private sectors.
DFS will host a series of webinars to provide an overview of the amended cybersecurity regulations. Registration details for these training events and compliance timeline are available on the DFS website.