New York

Department of Financial Services

 Cyber Regulation 2017

 Effective date: March 1, 2017    |    First Compliance Deadline:  August 28, 2017


New York Department of Financial Services Cyber Regulation

The most significant cyber regulation in history

The regulation affects all financial institutions under the purview of the NY DFS.

Are you prepared to act?

A June 2017 Ponemon survey of financial institutions that are under the supervision of the NY DFS revealed:
  • 70% of companies lack in-house expertise
  • 25% of companies do not have a chief information security officer (CISO)
  • 51% of companies do not have a functioning cybersecurity program, or have one that is informal or ad hoc
  • Some organizations noted that they are unable to know where high-value data assets are located, that they have negligent or careless employees, and that their budget is insufficient. [Survey]


Evolver has the talent and capacity to assist you in meeting the cyber regulation compliance deadline. For example, we offer CISO Support as a Service, we have expertise in implementing multi-factor authentication, and our approach to cyber assessments is to quantify risk financially.

Request a consultation with our cybersecurity executives regarding compliance for the New York Department of Financial Services.

Intro to the NYDFS Cyber Regulation

Information Governance and Cyber Risk Assessment – NYDFS Cyber Regulation

Vendors and the NYDFS Cyber Regulation
Table Stakes for Compliance with the NYDFS Cyber Regulation

With the number and magnitude of cyber events steadily increasing, the financial industry continues to be a significant target. The State of New York’s cyber regulations, covering banks, insurance companies, and other financial institutions licensed in New York, endeavor to protect these organizations from the debilitating losses associated with a cyber event. They do so by mandating multiple comprehensive policies, stringent standards, and C-Suite certifications.

Achieving compliance with these far-reaching cybersecurity requirements for financial institutions will require a combination of technical and legal advice.

If you are uncertain about the proposed regulations, your obligations, or the potential impact, Evolver will help you through the process. Working together, we will assess your current cyber profile and address the areas where your organization is noncompliant.

New York Department of Financial Services Cyber Requirements

  • CEOs and Boards of Directors will be responsible for certifying compliance for cybersecurity
  • Focus is on integrity and availability of data
  • This is process based vs. outcome based
  • Cyber insurance may not cover fines/penalties for non-compliance
  • Establishment of Qualified Chief Information Security Officer (“CISO”)
  • Penetration Testing
  • Vulnerability Assessments
  • Encryption of Data at Rest and in Transit
  • Preservation of Audit Data (to reconstruct transactions and cyber events)
  • Data Minimization
  • Notices to Superintendent
  • Risk Assessment (Basis for other policies and procedures/actions)
  • Written Cybersecurity Policy
  • 3rd Party Information Security Policy
  • Limitations on Data Retention
  • Training & Monitoring
  • Incident & Response Plan
  • Application Security
  • CISO Assessment
  • Risk Assessment (outcome used to develop policies and procedures)
  • Annual Statement of Compliance (by named C-Suite or Chairman of the Board)
  • Notice of material Cybersecurity Event (within 72 hours)