New York issues cyber regulations for banks, insurers

  • Wednesday, 14 Sep 2016

Governor of New York Andrew Cuomo delivers remarks on stage during the final day of the Democratic National Convention at the Wells Fargo Center in Philadelphia, Pennsylvania, USA, 28 July 2016. The four-day convention is expected to end with Hillary Clinton formally accepting the nomination of the Democratic Party as their presidential candidate in the 2016 election. EPA/ANDREW GOMBERT

New York Governor Andrew Cuomo on Sept 13 issued long-anticipated proposed cybersecurity regulations for banks and insurers in the state, the first of their kind in the United States by any state or federal agency, the governor said in a statement. 

Cuomo's planned regulations for institutions overseen by the New York State Department of Financial Services (NYDFS) would require companies to set up cyber security programs and appoint a chief information officer, among other measures, according to the governor's office. 

The planned regulations, in the works since 2014, follow a series of high-profile hackings of US companies and three surveys by the regulator about cybersecurity programs at a total of nearly 200 companies under its watch. One NYDFS report last year revealed that a third of 40 banks in a 2014 survey did not require outside vendors to notify them of data breaches, which could compromise bank data. 

The regulations aim to provide institutions with flexibility to adapt to technological innovations while reducing vulnerabilities, NYDFS Superintendent Maria Vullo said in a statement. 

NYDFS regulates state-chartered and foreign banks licensed to operate in the state, including Goldman Sachs Group, Barclays and Deutsche Bank, and all insurance companies that do business in the state. 

It previewed the plan in a November 2015 letter to other state and federal regulators. That same day, U.S. prosecutors unveiled criminal charges accusing three men of helping run a sprawling series of hacking and fraud schemes, including a huge 2014 attack against JPMorgan Chase & Co, that generated hundreds of millions of dollars of illegal profit.

Among the planned requirements: board chairmen would have to file annual certifications with NYDFS, stating, to the best of their knowledge, that their companies' cyber programs comply with the regulation. 

Other measures would include appointing overseers for outside vendors and restricting access to customers' non-public information, such as social security numbers, to employees who need those details, according to the proposal. Systems would have to include multiple steps for verifying user identities.

Institutions would also have to regularly test their cyber security systems. The chief information security officer would have to present twice-yearly reports about progress and vulnerabilities to the board of directors and make those findings available to NYDFS. 

Before the plan becomes final, the public will have 45 days to submit comments, once the proposed regulations are published in the New York State Register. — Reuters
