Skip to content

New York State’s Department of Financial Services Issues Five New Cybersecurity Amendments

Published
Sep 28, 2022
Share

By Joseph Nguyen and Austin Jacks

Following an increase in ransomware attacks,[1] the New York State Department of Financial Services (NYS DFS), which oversees regulation for financial services and products totaling over $8.8 trillion, has issued five new amendments to the Part 500 Cybersecurity regulations for Class A companies, financial organizations that have over 2,000 employees or generates over $1 billion in annual revenue.  

These five new amendments, which are expected to go into effect by the end of this year, include the following:

  1. Annual audits of a firm’s cybersecurity program by an independent third party;
  2. An endpoint detection and response (EDR) solution on all computers to support network monitoring and incident response;
  3. Automated scans to detect and correct potential network vulnerabilities;
  4. Formal tests of business continuity and disaster recovery plans that simulate recovery procedures after a technology or operational outage event; and
  5. Notifying impacted parties as soon as possible and within 72 hours if unauthorized data access or ransomware is detected.

The NYS DFS initially put the Part 500 Cybersecurity requirements for financial services companies into effect on March 1, 2017. These regulations place cybersecurity requirements on all covered entities (financial institutions and financial services companies). The Part 500 regulations require New York banks, insurance companies, and other regulated financial services institutions to assess their cybersecurity risk profile. These regulations are designed to help mitigate the continuous threat that is posed to financial institutions by cyber criminals and ensure that their business is fully protected from these attacks.

In light of the updated cybersecurity requirements, financial services firms that are impacted by them are encouraged to leverage an outsourced internal audit and technology risk management team to manage and automate the above mentioned amendments.

(1)Cyber Insurers Hike Rates But Worry About Pricing Long-Term As Losses Mount: Fitch (insurancejournal.com)

Contact EisnerAmper

If you have any questions, we'd like to hear from you.

Explore More Insights

a statue of a bull on a brick road
Article

Trends Watch: Outlook for Investing in Carbon Neutral Companies

Read More
a couple of women smiling
Podcast

Outlook for Investing in Diversified Alternative Equities

Read More
a person standing on a rock with Christ the Redeemer in the background
Article

Venture Capital Slowdown Continues into Q1 2024

Read More
a green light in front of a city
Article

Trends Watch: VC Investing in Synthetic Bio

Read More
a close-up of a fish
Podcast

VC Investing in European Scale-Ups that Foster Climate Change

Read More
a building with many windows
Article

Trends Watch: Quality Investing

Read More
a close-up of a fish
Podcast

Outlook for Investing in Cryptocurrencies

Read More
a row of buildings with flags
Article

Trends Watch: Investing in Managed Futures

Read More
a close-up of a bug
Podcast

Outlook for the ETF Industry

Read More
a building with a tree growing on the roof
On-Demand Webinar

Navigating the SEC Climate Disclosures | Insights and Strategies

Read More
a person holding a pen and a tablet
Article

Trends Watch: Investing in Emerging and Frontier Markets Technology

Read More
a close-up of a bug
Podcast

Investing Outlook for 2024

Read More
View All Insights

Receive the latest business insights, analysis, and perspectives from EisnerAmper professionals.

Subscribe