Skip to main content
close search
site logo
Dive Brief

NY cybersecurity rules for banks, insurers to go live in March after push back

Published Dec. 30, 2016
Naomi Eide's headshot
Managing Editor
Wikimedia; Jonathunder

Dive Brief:

  • The New York State Department of Financial Services (DFS) released revisions this week for its proposed cybersecurity regulations that would require financial services companies, banks and insurance providers to establish and maintain a cybersecurity program designed to protect consumers. The rules — the first in the U.S. regulating banks and insurers cybersecurity — are set to go live on March 1. 
  • The proposed regulations were revealed in September and was set to go live the first day of 2017. But banks and insurers requested a deadline extension and some program adjustments. The new version of the proposed rules includes less restrictive timelines and requirements and will provide as long as two years for companies to comply with the rules, Reuters reports
  • "This updated proposal allows an appropriate period of time for regulated entities to review the rule before it becomes final and make certain that their systems can effectively and efficiently meet the risks associated with cyberthreats," said DFS Superintendent Maria Vullo in a statement. 

Dive Insight:

The proposed rules will be finalized following  a 30-day comment period. 

Cybersecurity laws are few and far between, particularly at the local level. New York's regulation is one of the first programs mandating companies to implement cybersecurity programs to protect customers.

To a CISO or CIO, those consumer cybersecurity protection measures are practically implied at this point, but cybersecurity can still take a back seat in board rooms. Those lacking cybersecurity measures could have embarrassing consequences. If organizations are found with lacking cybersecurity practices that result in a breach, they could become a target of the Federal Trade Commission

More states could certainly follow suit and implement locally-focused cybersecurity accountability measures, but companies are still pushing back resulting in regulation delays, such as those in New York. Companies should anticipate more cybersecurity mandates in the future, as government agencies are looking to regulate and protect against large-scale breaches and the release of sensitive customer information. 

Recommended Reading

Filed Under: Security

Editors' picks

Company Announcements

View all | Post a press release
NeuBird Secures $22.5M in Funding, Announces General Availability of Hawkeye: An AI Teammate f…
From NeuBird
December 11, 2024
Only Cynet Delivers 100% Protection and 100% Detection Visibility in the 2024 MITRE ATT&CK Eva…
From Cynet Security
December 11, 2024
Smart City Expo USA 2025 Speakers Announced
From Smart City Expo USA
December 11, 2024
Celonis Appoints Benoit Fouilland as Chief Financial Officer to Drive Next Phase of Growth
From Celonis
December 05, 2024
Editors' picks
Latest in Security
Industry Dive is an Informa TechTarget business.
© 2024 TechTarget, Inc. or its subsidiaries. All rights reserved. | View our other publications | Privacy policy | Terms of use | Take down policy.
Cookie Preferences / Do Not Sell
This website is owned and operated by Informa TechTarget, part of a global network that informs, influences and connects the world's technology buyers and sellers. All copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. TechTarget, Inc.'s registered office is 275 Grove St. Newton, MA 02466.