New York state is proposing new rules requiring banks and insurance companies to establish cybersecurity programs and designate an internal cybersecurity officer, in what Gov. Andrew Cuomo described as a “first-in-the-nation” move to codify cyber safety policies.
The new regulations, proposed by New York’s Department of Financial Services, will apply only to banks and other financial services companies licensed by the Empire State and not to nationally chartered institutions. But as the first regulator to issue guidelines involving cybersecurity, the DFS could set an example for other regulators at the state and federal level. The proposed regulation is subject to a 45-day notice and public comment period before final adoption.