New York Department of Financial Services (NYDFS) Cybersecurity Proposal Update

By | January 13, 2017


Courtesy of the law firm Abrams Garfinkel Margolis Bergson (AGMB), the following is an update of the September 2016 NYDFS cybersecurity regulations proposal!

On September 22, 2016 AGMB issued an Alert about new cybersecurity regulations proposed by the New York Department of Financial Services (NYDFS) which aimed to protect consumers and financial institutions from cyber-attacks by requiring banks, insurance companies, and other financial services institutions regulated by the New York State Department of Financial Services (collectively “financial service companies”) to establish and maintain cybersecurity programs. The proposal stated that all regulated financial service companies in New York (a “Covered Entity”) must establish a cybersecurity program designed to identify, defend against, and respond to internal and external cyber risks. The full AGMB Alert, which includes many of the remaining requirements, is available at the following link:

After a period of public comment, the NYDFS proposed a revised set of regulations on December 28, 2016. The revised regulations include several changes, summarized below:

  • The effective date of the new regulation has been changed from January 1, 2017 to March 1, 2017. Covered Entities have 180 days or until September 1, 2017 to comply, which was moved from July 1, 2017.
  • Cybersecurity plans are now to be based off the companies risk assessments, which will “give companies more flexibility to address areas where security risks are most pressing.”
  • Covered Entities must report a “cyber-security” event within 72 hours of the event. However, this requirement now only applies to incidents that have “a reasonable chance of compromising confidential information.”
  • Covered Entities are required to hire a Chief Information Security Officer (“CISO”). However, the CISO does not necessarily need to be a new employee or “an individual exclusively dedicated to the job.”

These revisions are currently undergoing another 30 day comment period, which began on December 28, 2016. The text of the revised rule can be found at:


Do you know everything that you need to know about your title insurance?

Who is your underwriter?
What is the claims experience of your title insurance provider?
Do you know whether the non-title insurance premium fees you are paying are fair and reasonable?

If the answer to any of these questions was no, read…

Title Insurance: Always Compare Apples To Apples! (Chart)



One thought on “New York Department of Financial Services (NYDFS) Cybersecurity Proposal Update

  1. Pingback: In The Real Estate Industry Cybersecurity Is No Longer An Option, But An Imperative! | Hallmark Abstract LLC

Leave a Reply

Your email address will not be published.