With ransomware, DDoS attacks and malevolent hacking on the rise, many governments around the world are reacting and demanding that corporations take action to protect the system. On Wednesday, the New York State Department of Financial Services (DFS) updated its proposed new cybersecurity regulation.
The proposed regulation, the first of its kind for a state in the US, will require banks, insurance companies, and other financial services institutions regulated by DFS to establish and maintain a cybersecurity program designed to protect consumers and ensure the safety and soundness of the financial services industry. It will go into effect on March 1, 2017.
“New Yorkers must be confident that the banks, insurance companies and the other financial institutions that they rely on are securely handling and establishing necessary protocols that ensure the security and privacy of their sensitive personal information,” said Financial Services Superintendent Maria T. Vullo. “This updated proposal allows an appropriate period of time for regulated entities to review the rule before it becomes final and make certain that their systems can effectively and efficiently meet the risks associated with cyber threats.”
“It’s clear that New York State took the public’s concerns seriously, and in doing so, created a much stronger and more effective set of regulations that will protect both consumers and the banks themselves—without imposing needlessly burdensome or costly requirements,” said David Damato, Chief Security Officer at Tanium. “They’ve gotten rid of the one-size-fits-all approach that hampered the original regulations—by recognizing that each bank should tie their cybersecurity approach to their individual risk assessment. The State has also recognized that reporting every single incident—even unsuccessful ones—would have been unfeasible for large banks that see thousands of attempted intrusions every day.”
On the national cyber front in the US, the Information Systems Security Programs (ISSP) regulations of the American National Futures Association (NFA) and the Commodity Futures Trading Commission (CFTC) came into effect on March 1, 2016.