New NYDFS Cybersecurity Regulations Now in Effect

Sebastian Burgemejster

As of November 1, 2024, the New York State Department of Financial Services (NYDFS) has officially rolled out its amended cybersecurity regulations. 


Key Updates You Need to Know:


Corporate Governance & Oversight 


The Chief Information Security Officer must now report cybersecurity risks and incidents directly to the board or senior governing body. This ensures that cybersecurity moves from an IT-level concern to a core business priority.


Mandatory Encryption of Nonpublic Information 


Data encryption is no longer optional. Sensitive information must be encrypted both in transit and at rest, with compensating controls only allowed if explicitly approved by the CISO.


Incident Response Planning 


Organizations must have a comprehensive incident response plan that includes internal response protocols, backup recovery processes, and root cause analysis. Annual testing is required to ensure readiness.





Business Continuity & Disaster Recovery


Entities must establish a robust business continuity and disaster recovery plan to maintain operations during cyber incidents and ensure rapid restoration of critical systems.


Employee Cybersecurity Training 


Regular training for all employees—especially those involved in incident response and disaster recovery—is now mandatory to create a culture of security.


Access Controls & Identity Management 


Enhanced multi-factor authentication and identity management practices are required to ensure that only authorized personnel can access sensitive systems and data.


Class A Companies


Larger organizations designated as Class A entities face additional scrutiny, including enhanced risk assessments and stricter governance measures.


While many provisions are already in effect, additional requirements will roll out throughout 2025.


