The first-in-the-nation cybersecurity requirements recently issued by the New York Department of Financial Services are changing the face of the cybersecurity landscape. The new regulations mean higher stakes, stricter oversight and a new focus on board member responsibility.
The Final Rule broadly applies to all New York-licensed financial services companies, including banks, insurance companies and other financial services institutions regulated by the NYDFS, with very limited exceptions. Any entity that operates (or is required to operate) under a license, registration, charter, certificate, permit, accreditation or similar authorization under the banking, insurance and financial sectors is covered to some extent. The NYDFS regulation is the most specific cybersecurity regulation in the country that applies to companies that are not critical infrastructure operators.
The first deadline for complying with many sections of the regulations is August 28, 2017.
The phrase "risk assessment" appears no fewer than 21 times in the regulation, and almost all of the NYDFS requirements are based on the outcome of the initial risk assessment framework and ongoing assessments.
The DLA Piper NYDFS Accelerator empowers the business to identify and rapidly respond to the risk assessment requirement that is central to the regulation. Using a three-step, fixed-fee process, DLA Piper offers a privileged engagement designed to create a risk assessment framework that provides insight into the current risk environment and serves as the foundation for meeting the extensive requirements of NYDFS.
Our risk assessment offering will enable you to examine these areas of your business:
- Cybersecurity program
- Cybersecurity policy
- Annual cybersecurity report
- Penetration testing
- Vulnerability assessments
- Audit trail
- Access privileges
- Third-party service provider security policy
- Multi-factor authentication
- Training and monitoring
- Encryption of NPI
Are you ready?
To learn more about our NYDFS Cybersecurity Risk Assessment process, what it can do to help you comply and the cybersecurity enhancements it offers, please contact us at [email protected].
Our Cybersecurity consulting and legal services
DLA Piper's Cybersecurity practice enhances its legal skills with the addition of highly experienced risk and technology consultants in order to support clients as a single cyber-team. This joint legal and consulting approach to data risk, privacy, cyber and security projects is a significant point of differentiation from other large firms that has been recognized by notable rankings entities, including BTI Consulting Group, which recently ranked us among the top cybersecurity law firm practices in the United States. Our team of experienced consultants is on the front lines, assessing, developing and implementing innovative data risk, privacy and security solutions for some of the world's largest and most geographically diverse companies.