A look at the new NYDFS Cybersecurity Division and what it means for financial institutions
Financial institutions in New York already must comply with some of the toughest cybersecurity regulations in the nation. Not satisfied with the status quo, the New York Department of Financial Services (NYDFS) is taking additional steps to address ongoing threats and protect consumers’ private data.
State lawmakers have already passed landmark legislation that governs cybersecurity for financial institutions—and the NYDFS has now reorganized to enforce this standard, creating a new Cybersecurity Division within the department.
Cyber threats and financial institutions
If you’ve been paying attention to the news, you know that financial institutions are a favorite target of cyber-criminals. In July 2019, for example, Capital One revealed a data breach that might end up affecting as many as 100 million customers. This follows other high profile breaches, such as the one that affected Equifax in 2017.
Due to the seriousness of the problem, the NYDFS has established the first of its kind cybersecurity task force. The main duties of the unit will include enforcing oversight of the state’s cybersecurity regulations (23 NYCRR 500).
What will this handle and how will it help?
The role of the Cybersecurity Division
The Cybersecurity Division will be focused mainly on overseeing and enforcing the state’s cybersecurity regulations.
The division will also, “…advise on cybersecurity examinations, issue guidance on DFS’s cybersecurity regulations, conduct cyber-related investigations, and share threat information about cyberattacks with companies.”
Additionally, it will work in coordination with the newly created Consumer Protection and Financial Enforcement Division (CPFED), which is tasked with investigating cybersecurity events and developing policies to combat ongoing threats.
The CPFED is the result of restructuring within the department, which effectively combined the Enforcement and Financial Frauds and Consumer Protection, divisions. Other divisions also fall under the umbrella of the CPFED, including Enforcement, Investigations and Intelligence, Civil Investigations, Consumer Examinations, and Student Protection. The CPFED’s mission is to “…protect and educate consumers, fight consumer fraud, and ensure that regulated entities comply with New York and federal laws.”
The two divisions will be working together to combat and prevent cyber threats within the financial industry.
What the latest move means for financial institutions
New York’s cybersecurity regulations are the first of many; other states are following New York’s lead with their own cybersecurity regulations, and many of these laws cover any entity that does business with an organization in a covered state.
Most experts believe the new Cybersecurity Division will lead to more stringent oversight and enforcement of NY’s cybersecurity regulations.
In a speech before the Association of the Bar of the City of New York, acting Superintendent of the Department of Financial Services Linda Lacewell stated that cybersecurity is “the number one threat facing all industries and governments globally.” Her statement makes it clear that cybersecurity is a top priority for the New York Department of Financial Services overall.
It is essential that financial institutions in New York and across the U.S. keep up with the latest regulations and take steps to protect consumers’ sensitive data on every front. CyberGuard360 can help. We offer state-of-the-art security systems to help monitor and protect against cyber-attacks. We also provide a wide array of other services, including risk assessment, compliance management, education and training, and disaster recovery. Call us at 844-315-9882 or reach us via our online contact form.