Governor Andrew Cuomo announced the first-in-the-nation cybersecurity regulation Thursday to protect consumer data and financial systems from terrorist organizations and other cyber criminals.
The regulation is set to take effect on March 1 and requires banks, insurance companies and other financial services regulated by the Department of Financial Services to take on a cybersecurity program designed to protect consumers' private data.
"New York is the financial capital of the world, and it is critical that we do everything in our power to protect consumers and our financial system from the ever increasing threat of cyber-attacks," said Governor Cuomo. "These strong, first-in-the-nation protections will help ensure this industry has the necessary safeguards in place in order to protect themselves and the New Yorkers they serve from the serious economic harm caused by these devastating cyber-crimes."
The regulation requires financial companies to have a program that is adequately funded and staffed and regularly reported on to check the status of information safety.
Companies will also have to maintain risk-based minimum standards for technology systems. This includes encryption and penetration testing.
The cybersecurity regulation also requires minimum standards to help address cyber breaches and asks for accountability of the protections through identification and documentation of any deficiencies, plans and annual certifications of compliance.