"New York’s Cybersecurity Regulation: A Practical Guide," Federation of Regulatory Counsel Journal Spring 2017

“The regulation is the first in the nation to mandate protection by banks, insurers, and other financial institutions within DFS’ regulatory jurisdiction of their customer information from cyber-attacks directed at them (sometimes referred to as ‘covered entities’),” writes Frederick J. Pomerantz, a partner in Goldberg Segalla’s Global Insurance Services Practice Group.

Writing for the Federation of Regulatory Counsel, Fred takes a look at New York Department of Financial Services (DFS) regulation 23 NYCRR Part 500. The regulation, which took effect March 1, 2017, requires companies to self-assess their risk-based profiles and develop a program that address the risks.

“Those requirements of the regulation with longer transitional periods are designed to provide outside deadlines for compliance and are consistent with DFS’ goals of setting minimum standards,” says Fred as part of his analysis of the regulation. “They also recognize the cost and operational complexities of achieving full compliance with the new regulation,” continues Fred as he delves into an in-depth analysis of the various requirement stages for the new regulation.

Read the article here: