Keeping Up With Cybersecurity: NYDFS Cybersecurity Regulation Enhancements Are Coming. Be Prepared.

White collar defense and investigations partner Peter Baldwin and insurance partner Bob Mancuso co-authored an article for the New York Law Journal discussing a pre-proposed second amendment to the New York State Department of Financial Services’ (NYDFS) Cybersecurity Requirements for Financial Services Companies, 23 NYCRR 500 (“Part 500”).

Baldwin and Mancuso explain NYDFS’s classification of Covered Entities and provide a list of 10 changes to Part 500 that Covered Entities should know about the pre-proposed second amendment:

1. Alert your leadership, CEOs would be required to sign off on compliance.
2. Notice of compliance, or the lack thereof, would need to be filed with NYDFS.
3. Multi-factor authentication would be more important than ever.
4. Enforcement of Part 500 by NYDFS would remain an important area of focus.
5. Large Covered Entities would have enhanced obligations under Part 500.
6. New triggers for providing notice of a cybersecurity event would be added.
7. Access privileges would need to be carefully managed and maintained.
8. Testing, assessments, and training would be enhanced.
9. Operational resiliency would need to be appropriately documented and deployed.
10. Covered Entities should review the limited exemption to re-determine applicability.

The full article is available to New York Law Journal subscribers.