Governor Andrew M. Cuomo has announced a new rules to protect New york city from cyber attacks.
The rules requires banks, insurance providers, and other financial services organizations regulated by the State Department of Financial Solutions to establish and keep a cyber security program made to protect consumers and ensure the protection and soundness of New York State’s financial services industry.
“New You are able to, the financial capital of the world, is leading area in taking important action to protect consumers and our financial system from serious economical damage that is often perpetrated by state-sponsored organizations, global terrorist networks, and other criminal enterprises, ” said Governor Cuomo. “This rules helps guarantee the financing industry upholds its responsibility to protect consumers and ensure that its systems are sufficiently constructed to prevent cyber-attacks to the fullest extent possible.”
The proposed regulation is subject to a 45-day notice and public review period before its last issuance. It requires controlled banking institutions to establish a cyber security program; adopt a written cyber security policy; specify a Chief Information Protection Officer in charge of implementing, managing and enforcing its new program and policy; and have policies and methods designed to ensure the security info systems and nonpublic information accessible to, or held by, third-parties, along with a variety of other requirements to safeguard the confidentiality, integrity and availability of information systems. More information on the rules are available here.
New You are able to State Department of Economical Services Superintendent Maria T. Vullo said, “Consumers must be confident that their sensitive nonpublic information is being protected and managed appropriately by the banking institutions that they are doing business with. DFS designed this groundbreaking proposed rules on current principles and has built in the overall flexibility necessary to ensure that institutions can successfully adapt to continued improvements and work to lessen weaknesses in their existing cyber security programs. Regulated entities will be held accountable and must annually certify conformity with this regulation by assessing their specific risk profiles and designing programs that vigorously address those risks. ”