News & Insights

The New York State Department of Financial Services Adopts Amendments to Strengthen Cybersecurity Regulations

November 7, 2023

What happened?

On Nov.1, 2023, the New York State Department of Financial Services (NYDFS) finalized amendments to its 2018 regulations on cybersecurity to enhance cybersecurity governance, mitigate risks, and protect New York businesses and consumers from cyber threats. The amendments build upon the state’s existing cybersecurity regulations, which established an initial framework to protect against cyber threats, in an effort to improve safeguards for businesses and consumers.

“New York has always led the way in protecting businesses and consumers from online threats, and with these amendments to our nation-leading cybersecurity regulations, we are continuing to set the national standard,” Governor Hochul said. “On the heels of launching the State’s first-ever cybersecurity strategy, boosting state law enforcement’s cyber capabilities, and signing landmark legislation to protect our energy grid from cyberattacks, my administration is doubling down on our commitment to ensuring that financial institutions have the safeguards in place to protect vital customer data and maintain the integrity of our financial system.”

Key changes to regulations include:

  • Enhanced governance requirements;
  • Additional controls to prevent initial unauthorized access to information systems and to prevent or mitigate the spread of an attack;
  • Requirements for more regular risk and vulnerability assessments, as well as more robust incident response, business continuity, and disaster recovery planning;
  • Updated notification requirements including a new requirement to report ransomware payments; and
  • Updated direction for companies to invest in at least annual training and cybersecurity awareness programs that anticipate social engineering attacks and that are otherwise relevant to their business model and personnel.

To read the full press release, click here. To view a final copy of the adopted regulations, click here.

What does this mean for me?

This announcement represents a step toward tighter cybersecurity controls, which could be replicated in other states. Advisers should pay attention to local announcements to make sure current cybersecurity measures are in compliance. If you have any questions, please let us know.

Click below to view General Filing Deadlines and SEC Holidays

Regulatory Calendar

Stay up to date on the latest industry news and resources.

Filter by Category

Filter by Topic

Fairview

Fairview has been providing streamlined solutions to providers in the financial services industry since 2005. We are part of ViewPoint Partners, our employee-owned parent company for both Fairview and FilePoint, which provides regulatory reporting solutions for registered investment companies.

©2024 Fairview® Investment Services, LLC. All rights reserved.

1330 St. Mary’s St.
Suite 400
Raleigh, NC 27605

info@fairviewinvest.com
919.706.4100
FAX: 800.770.9925