The two-year transition period under New York’s new cybersecurity regulation ended March 1. Here’s an update and where companies