New York State announced a set of cyber security regulations that will take effect on March 1st to tackle cyber threats.
On Thursday, New York State announced that a cyber security regulation will take effect on March 1st. The regulations will require financial institutions and insurers to meet minimum cyber security standards and report cyber incidents to regulators.
The organizations subject to the new cyber security rules include both state-chartered banks and foreign banks operating in New York State, along with any insurer that works in the state.
The measures are necessary to mitigate the risk of exposure to cyber crime organizations and other threat actors.
The cyber security regulation announced by New York State lays out unprecedented requirements on the cyber security posture organizations must adopt to protect their infrastructure from cyber attacks.
The regulations are the result of extensive work that started in 2014. New York State delayed implementation of the cyber security regulation by two months and loosened some requirements after financial organizations demanded an extension due to the overhead of ensuring compliance.
“The rules, in the works since 2014, followed a series of high-profile data breaches that resulted in losses of hundreds of millions of dollars to U.S. companies, including Target Corp, Home Depot Inc, and Anthem Inc.” reported Reuters.
The importance of the regulations was highlighted by Governor Andrew Cuomo in a statement:
“These strong, first-in-the-nation protections will help ensure this industry has the necessary safeguards in place” to protect businesses and clients “from the serious economic harm caused by these devastating cyber-crimes,”
Financial institutions and insurers will have to scrutinize the security posture of third-party service providers and conduct a continual risk assessment process.
“The revised rule requires firms to perform risk assessments in order to design a program particular to them, and gives them at least a year-and-a-half to comply with the requirements. The final rule took into account the burden on smaller companies, a spokeswoman for the agency said.” continues Reuters.
The good news is that attention to cyber security is widespread in the US: a task force of U.S. state insurance regulators is already working on the development of a model cyber security law that could be transposed by various states.
Pierluigi Paganini is a member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group. He is also a Security Evangelist, Security Analyst and Freelance Writer.
Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years of experience in the field, and he is a Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to found the security blog "Security Affairs", recently named a Top National Security Resource for US.
Pierluigi is a member of "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and many other security magazines.
Author of the books "The Deep Dark Web" and "Digital Virtual Currency and Bitcoin".