New York cybersecurity regulations were to take effect on January 1, 2017, as proposed by New York Governor Andrew Cuomo, which we wrote about here. But after leaders in the financial community voiced concern over the rules in late December, the effective date for the new cybersecurity regulations has been pushed back to March 1, 2017 after conducting a hearing on the matter. The proposed regulations will impact banks, financial institutions, and insurance providers conducting in New York. The regulations are meant to improve cybersecurity measures taken by all financial institutions in the state spanning from big Wall Street banks to local community banks.

The new regulations are designed to bring cybersecurity and cyber threat awareness to the attention of businesses that are heavily involved in financial matters for the public. These financial institutions are entrusted with the public’s hard-earned money, and there is an ever-increasing risk of data security breaches. Banks, financial institutions and insurance companies need to take responsibility for protecting customer data and accounts.  

A Rush to Comply With the New York Cybersecurity Regulations

The banks, financial institutions and the insurance companies have been fighting to get a compliance extension for the new regulations because for some compliance requires a lot of effort. Under the new cybersecurity regulations many entities must perform system upgrades, implement new security measures, and a number of plans need to be developed, all of which takes time to accomplish. Many entities covered under the new regulations were scrambling to get their systems into compliance, and for many it was a struggle.

More than 150 covered entities penned letters to New York lawmakers lobbying to get the deadline for compliance pushed back from the quickly approaching January 1 compliance date. Additionally, opponents to the new regulation urged lawmakers to amend the regulations. The proposed New York cybersecurity regulations will be made available for comment on December 28, 2016.

Issues Raised By Covered Entities About the New Regulations

Some of the concerns that were raised by banks and insurance companies include the cost associated with compliance is too high, the regulations are tough on the financial industry, and the new regulations are out of sync with other government entities that have been required to adopt cybersecurity regulations, such as the Federal Reserve and the Federal Deposit Insurance Corporation. Additionally, under the regulations, banks are also forced to hire Chief Information Security Officers if the bank does not already have one. Hiring new staff, especially staff with such a high level of skill and training takes time to identify the right person for the job.

Incident reporting is also a concern under the new regulations. All cybersecurity incidents would need to be reported under the new regulations, even if the threat is managed by the covered entity. Constant incident reporting will result in a lot of paperwork and cost, which banks are not keen on shouldering. Additionally, incident reports could be accessed by the public under the Freedom of Information Act, and the public could see how many threats New York banks and financial institutions regularly face, which could harm their reputation and could affect their business.

Contact a Cybersecurity Lawyer

The revision to the New York cybersecurity regulations just goes to show how this area of law is under a lot of pressure. Changes and revisions are being made all the time to address new cyber security threats and risk. Revision Legal works extremely hard to stay current on the dynamic nature of cyber security. Contact the experienced cybersecurity attorneys at Revision Legal using the form on this page or call us at 855-473-8474.

Image credit to Flickr user Alimuthuja.