The governor of New York and the state regulator have proposed a set of regulations for banks, insurance companies, and other financial services institutions to help them protect consumers and the financial sector from the threat of cyber attacks.

The rules require financial services institutions regulated by the State Department of Financial Services to establish and maintain a cybersecurity program.

The program should include annual penetration testing and vulnerability assessments, annual risk assessment of the confidentiality and availability of information systems, monitoring of authorised users and cybersecurity awareness training for all personnel, among other measures.

Further, the rules require firms to have policies in place to ensure the security of information systems and nonpublic information accessible to, or held by, third parties.

"This regulation helps guarantee the financial services industry upholds its obligation to protect consumers and ensure that its systems are sufficiently constructed to prevent cyber-attacks to the fullest extent possible," Governor Andrew Cuomo said.

Financial services firms also have to appoint a chief information security officer, who will help implement, manage and enforce the new program and present bi-annual reports about progress and vulnerabilities to the board.

New York State Department of Financial Services superintendent Maria Vullo said: “DFS designed this groundbreaking proposed regulation on current principles and has built in the flexibility necessary to ensure that institutions can efficiently adapt to continued innovations and work to reduce vulnerabilities in their existing cybersecurity programs.

“Regulated entities will be held accountable and must annually certify compliance with this regulation by assessing their specific risk profiles and designing programs that vigorously address those risks.”

The proposed rules are subject to a 45-day notice and public comment period before final issuance.