New York State Implements Cybersecurity Regulation 23 NYCRR 500
March 02, 2017, Bob Post, Senior Practice Director, Cyber Risk Advisory, Coalfire
On March 1st, 2017, sweeping new cybersecurity requirements were placed on organizations regulated by the New York State Department of Financial Services. The law applies to a broad set of ‘covered entities’ that are supervised by the NYDFS, including banks, trusts, budget planners, check cashers, credit unions, money transmitters, licensed lenders, mortgage brokers or bankers, and insurance companies that do business in New York. While large entities most likely meet these requirements already -- and very small entities are exempted from some of the requirements --, mid-market firms will be challenged to meet aggressive implementation timelines.