Expect New Cybersecurity Regs from New York DFS

Last week, the Department of Financial Services of the State of New York (“DFS”) issued a letter available here, indicating its intention to promulgate cybersecurity regulations that will apply to financial institutions licensed by DFS, including insurance companies, banks, and mortgage brokers. The proposed regulations will be intended to improve the cybersecurity security defenses of financial institutions.

DFS identified several areas that would be the subject of specific requirements in the potential regulations. These include requirements for (i) cyber security policies and procedures, (ii) third-party service provider management, (iii) multi-factor identification, (iv) cyber security personnel, (v) annual testing and audit of cyber security, and (vi) notice to DFS in the event of any material cyber security incident.