New York sets out new cybersecurity rules

New York Governor Andrew Cuomo has set out a host of new cybersecurity regulations for banks and insurance companies in a bid to protect consumer data and financial systems from crooks and terrorists.

In the pipelines for the last two years, the rules require FS firms regulated by the New York State Department of Financial Services (NYDFS) to establish cybersecurity programmes and written policies, with a designated chief information security officer made responsible for implementing, overseeing and enforcing these.

In addition, firms will have to set out policies and procedures designed to ensure the security of information systems and nonpublic information accessible to, or held by, third-parties.

“New York, the financial capital of the world, is leading the nation in taking decisive action to protect consumers and our financial system from serious economic harm that is often perpetrated by state-sponsored organizations, global terrorist networks, and other criminal enterprises,” says Cuomo.

“This regulation helps guarantee the financial services industry upholds its obligation to protect consumers and ensure that its systems are sufficiently constructed to prevent cyber-attacks to the fullest extent possible.”

The regulation – which will apply to the likes of Barclays Deutsche Bank and Goldman Sachs – is still subject to a 45-day notice and public comment period before its final issuance.