Blog Posts Tagged With NY Department of Financial Services

Subscribe to NY Department of Financial Services RSS Feed

NYDFS Cybersecurity Rules Inspires Insurance Data Security Draft Model Law

The National Association of Insurance Commissioners (“NAIC”) has signaled that insurance regulators may be the first government agencies to adopt the framework for cybersecurity regulation that was recently set out in the New York Department of Financial Services (“NYDFS”) cybersecurity rules, which went into effect on August 28, 2017.

The Cybersecurity (EX) Working Group and the Innovation and Technology (EX) Task Force of NAIC approved the Insurance Data Security Model Law (“Model Law”)  in August … Continue Reading

Today (August 28) Marks the First NYDFS Cybersecurity Compliance Deadline, With a Certification Deadline Less Than Six Months Away

Today marks the first deadline for entities regulated by the New York Department of Financial Services (“NYDFS”) to comply with certain provisions of the recent NYDFS cybersecurity rules.  The NYDFS cybersecurity rules taking effect is a significant event for NYDFS-regulated entities, and for any company facing cybersecurity concerns.  The unique combination of (1) concrete cybersecurity requirements (e.g., access controls), (2) a senior-level certification obligation, and (3) the 72-hour notice requirement, will likely have a … Continue Reading

Announcing our Cybersecurity Blog; One Month Until the NYDFS Cybersecurity Rules Take Effect

With about a month to go until the first set of NYDFS’s cybersecurity rules go into effect (on August 28, 2017), we are proud to announce the formal launch of the Davis Polk Cyber Breach Center.  The blog will help you keep pace with industry best practices and be aware of your company’s cybersecurity obligations, including those relating to the NYDFS rules.  Aside from posts about developments in cybersecurity, the blog includes information about … Continue Reading

NYDFS Provides Guidance on When Unsuccessful Cyber Attacks Should Be Reported

When the New York Department of Financial Services (“NYDFS”) issued its new cybersecurity rules in March, one question came up frequently:  When are covered entities required to report an unsuccessful cyber attack?  The rules provide that notification must be made to the NYDFS within 72 hours from a determination that a cybersecurity event has occurred that has a reasonable likelihood of materially harming normal operations, and the definition of a cybersecurity event includes an unsuccessful … Continue Reading

The PetyaWrap Attack, Anthem Data Breach Settlement, and NYDFS Cyber Regulations All Highlight that Companies Should Review Their Access Controls

Three recent cybersecurity events highlight the need for companies to review their access controls to limit who has administrator privileges and how long those elevated privileges last.

First, this week, computer malware that has variously been called PetyaWrap, WannaCry2, GoldenEye and NotPetya began spreading in dozens of countries, encrypting computers and informing users that they could unlock their machines by paying a $300 ransom.  Although the malware first appeared to function as ransomware, it now … Continue Reading

Less than Half of Financial Firms Subject to NY DFS Expect to Meet the Deadline for Compliance

A new report from the Ponemon Institute indicates that less than half of the nearly 600 financial institutions surveyed expect to meet the February 2018 deadline for certification of compliance with all of the cybersecurity rules from NY DFS that are applicable to them. Of those, nearly one-quarter said there was “no chance” they would be able to do so. Notwithstanding these challenges, the DFS has indicated on the FAQ section of its website that … Continue Reading

Davis Polk Memo – New York State Department of Financial Services Proposes New Cybersecurity Regulations

We have issued a memo on recent proposed cybersecurity regulations by the New York State Department of Financial Services that would be more stringent than existing federal requirements for certain financial entities. The memo highlights similarities and differences between the proposed regulations and federal regulations and guidance.

Read the Full Memo »Continue Reading

LexBlog