The final cybersecurity regulations unveiled by Gov. Andrew Cuomo and the New York Department of Financial Services (DFS) went into effect on March 1st.
In a nutshell, financial services companies in the state of New York must maintain a cybersecurity program designed to protect the confidentiality, integrity and availability of their information systems, and to detect and respond to identified cybersecurity events. They will also have to maintain risk-based minimum standards for technology systems.
The new rules stipulate that companies must enact:
- Controls relating to the governance framework for a robust cybersecurity program, including requirements for a program that is adequately funded and staffed, overseen by qualified management, and reported on periodically to the most senior governing body of the organization.
- Risk-based minimum standards for technology systems including access controls, data protection including encryption, and penetration testing.
- Required minimum standards to help address any cyber breaches including an incident response plan, preservation of data to respond to such breaches, and notice to DFS of material events.
- Accountability by requiring identification and documentation of material deficiencies, remediation plans and annual certifications of regulatory compliance to DFS.
Many banks and insurers already have cybersecurity programs in place, but the new regulation now makes them mandatory.
If you already have a cyber security program, congratulations! If your organization needs assistance getting a strategy in place, Neovera can help. With our vast cyber security services portfolio and expertise, we can ensure you meet each regulation and help your company increase its security posture with an affordable solution.