Insights & Publications
Diversity & Inclusion
© 2020 Debevoise & Plimpton LLP
New York’s Proposed Cyber Regulations: Implications and Challenges
15 September 2016
View Client Update
If enacted, the new DFS cybersecurity regulations would raise the bar significantly for banks, insurers and other financial services providers under the Department’s jurisdiction. The Proposed Regulations are far-ranging in scope, including not only specific technical safeguards but also requirements regarding governance, incident planning, data management and system testing, and an aggressive 72-hour time frame to notify DFS of certain cyber incidents.
Although the Proposed Regulations echo a growing chorus of other regulators calling for improved cybersecurity measures by banks and insurers (notably the Financial Stability Oversight Council, FFIEC and the Federal Reserve Board), they go much further than any set forth before by requiring a comprehensive approach to mitigating cybersecurity risks.
As cyber threats continue to increase in volume and complexity, DFS’s proposals likely will influence the approach taken by federal and state regulators as they consider further regulation in this area and as they review the practices of organizations under their jurisdiction.
Cybersecurity & Data Privacy
White Collar & Regulatory Defense
Gregory J. Lyons
UK Modern Slavery Act Transparency Statement
Debevoise Women's Review