NY Department of Financial Services

The National Association of Insurance Commissioners (“NAIC”) has signaled that insurance regulators may be the first government agencies to adopt the framework for cybersecurity regulation that was recently set out in the New York Department of Financial Services (“NYDFS”) cybersecurity rules, which went into effect on August 28, 2017.

The
Continue Reading NYDFS Cybersecurity Rules Inspires Insurance Data Security Draft Model Law

Today marks the first deadline for entities regulated by the New York Department of Financial Services (“NYDFS”) to comply with certain provisions of the recent NYDFS cybersecurity rules.  The NYDFS cybersecurity rules taking effect is a significant event for NYDFS-regulated entities, and for any company facing cybersecurity concerns.  The
Continue Reading Today (August 28) Marks the First NYDFS Cybersecurity Compliance Deadline, With a Certification Deadline Less Than Six Months Away

With about a month to go until the first set of NYDFS’s cybersecurity rules go into effect (on August 28, 2017), we are proud to announce the formal launch of the Davis Polk Cyber Blog.  The blog will help you keep pace with industry best practices and be aware
Continue Reading Announcing our Cybersecurity Blog; One Month Until the NYDFS Cybersecurity Rules Take Effect

When the New York Department of Financial Services (“NYDFS”) issued its new cybersecurity rules in March, one question came up frequently:  When are covered entities required to report an unsuccessful cyber attack?  The rules provide that notification must be made to the NYDFS within 72 hours from a determination that
Continue Reading NYDFS Provides Guidance on When Unsuccessful Cyber Attacks Should Be Reported

Three recent cybersecurity events highlight the need for companies to review their access controls to limit who has administrator privileges and how long those elevated privileges last.

First, this week, computer malware that has variously been called PetyaWrap, WannaCry2, GoldenEye and NotPetya began spreading in dozens of countries, encrypting computers
Continue Reading The PetyaWrap Attack, Anthem Data Breach Settlement, and NYDFS Cyber Regulations All Highlight that Companies Should Review Their Access Controls

A new report from the Ponemon Institute indicates that less than half of the nearly 600 financial institutions surveyed expect to meet the February 2018 deadline for certification of compliance with all of the cybersecurity rules from NY DFS that are applicable to them. Of those, nearly one-quarter said there
Continue Reading Less than Half of Financial Firms Subject to NY DFS Expect to Meet the Deadline for Compliance

We have issued a memo on recent proposed cybersecurity regulations by the New York State Department of Financial Services that would be more stringent than existing federal requirements for certain financial entities. The memo highlights similarities and differences between the proposed regulations and federal regulations and guidance.

Read the Full
Continue Reading Davis Polk Memo – New York State Department of Financial Services Proposes New Cybersecurity Regulations