New York Proposes Cybersecurity Regulations
In early September 2016, the New York State Department of Financial Services (DFS) proposed a broad set of regulations for banks, insurers, and other financial institutions. The proposal is largely consistent with existing guidance, but it goes further in some ways. The most impactful new suggestions are the proposal’s call for enhanced encryption of all nonpublic information (both “in-transit” and “at-rest”) and improved multi-factor authentication.
Andrew Cuomo, Governor of New York, commented:
“New York, the financial capital of the world, is leading the nation in taking decisive action to protect consumers and our financial system from serious economic harm that is often perpetrated by state-sponsored organizations, global terrorist networks, and other criminal enterprises.”
“This regulation helps guarantee the financial services industry upholds its obligation to protect consumers and ensure that its systems are sufficiently constructed to prevent cyber-attacks to the fullest extent possible.”
If enacted, the new DFS cybersecurity regulations would raise the bar significantly for banks, insurers and other financial services providers under the Department’s jurisdiction. The Proposed Regulations are far-ranging in scope, including not only specific technical safeguards but also requirements regarding governance, incident planning, data management and system testing, and an aggressive 72-hour time frame to notify DFS of certain cyber incidents.
In the UK, no general data breach notification is currently required, and most firms choose not to go public if they can avoid it, so as not to take a hit on their reputation. But this will change when the EU’s General Data Protection Regulation (GDPR) takes effect in 2018.
Infosec Partners can help
Concerned that your organisation isn’t prepared for the introduction of GDPR? We can help. From stress testing your security strategy and working with board-level and executive leaders to strengthen the Cyber Culture of your organisation, to hands-on-the-ground support in preparing your security ecosystem and responding to critical incidents. Infosec Partners are proven experts in full-spectrum cybersecurity and a team you can trust.
For your free consultation, complete the adjacent form, or to speak with a trusted advisor immediately, call us on +44 (0)1256 893662.