A Quick Look at New York’s first-in-the-nation Cybersecurity Regulation


On Thursday, February 16th, the New York State Department of Financial Services (DFS) released the first-in-the-nation Cybersecurity Regulation to protect New York’s consumers and financial institutions against the ongoing threat of cyber-attacks. The new regulation will take effect March 1, 2017.

The rule, dubbed NY CRR 500, requires banks, insurance companies, and other financial institutions regulated by the DFS to establish and maintain a cybersecurity program with minimum standards based on risk. The regulation also calls on institutions to put accountability measures in place to prevent and avoid cyber breaches.

To read the regulation, visit: http://www.dfs.ny.gov/legal/regulations/adoptions/rf23-nycrr-500_cybersecurity.pdf.

To read the New York State DFS press release, visit: http://www.dfs.ny.gov/about/press/pr1702161.htm

Industry experts believe the New York State DFS Cybersecurity Regulation is setting a precedent, and anticipate other states to follow suit.


CoNetrix will be hosting a 30-minute webinar on February 28th to go over the regulation and discuss some key action items. To register visit: