To combat the increasing number of cyber-attacks targeting financial institutions, the New York State Department of Financial Services (DFS) is strengthening the protective measures used to defend banks and their clients from data breaches. The newly enacted program, Cybersecurity Requirements for Financial Services Companies, is designed to protect consumers and ensure the safety and soundness of New York State’s financial services industry.
In summary, according to this regulation a Chief Information Security Officer is needed to manage oversight and implement cybersecurity policies, as well as an advisory plan for incident response, and a vulnerability scan for financial organizations. It is also highly recommended to have an incident response retainer put in place in the case of an event.
If you have any questions regarding any of these requirements, or would like to assistance in meeting these regulations please contact your LIFARS team.