Insights

  • Home
  • Insights
  • New York Department of Financial Services Announces Creation of Cybersecurity Division

Share

Implementing China's Cybersecurity Law

New York Department of Financial Services Announces Creation of Cybersecurity Division

New York is the first state to establish a department within a financial regulatory agency that is tasked with protecting consumers and financial markets against cyber threats.

June 2019 Jones Day Publications

On May 22, 2019, the New York Department of Financial Services ("DFS") announced the creation of a Cybersecurity Division to protect the state's financial services industry from cyber threats. New York is the first state to establish within a financial regulatory agency a department tasked with protecting consumers and financial markets against the risk of cyber threats. The agency has long maintained a leading role among state financial service regulators in addressing cyber issues, and the creation of the division represents the state's latest effort to underscore its commitment to addressing digital threats.

The Acting DFS Superintendent Linda Lacewell has named Justin Herring as the executive deputy superintendent in charge of the new division. Previously, Mr. Herring was chief of the first Cyber Crimes Unit at the U.S. Attorney's Office of New Jersey and is expected to bring expertise in cybercrime and digital currencies.

The new Cybersecurity Division will:

  • Enforce the DFS's cybersecurity regulations;
  • Advise on cybersecurity examinations;
  • Issue cyber-related guidance;
  • Conduct cyber-related investigations with the Consumer Protection and Financial Enforcement Division; and
  • Disseminate trends and threat information about cyberattacks.

In particular, the Cybersecurity Division will enforce and issue guidance on the NYDFS Cybersecurity Requirements, promulgated in 2017 to establish baseline cybersecurity standards for banks, insurance companies, and other covered financial institutions. Those include funding and staffing requirements for cybersecurity programs, risk-based standards for technology systems, procedures for addressing breaches, and annual certifications of regulatory compliance with the DFS.

The move by DFS indicates the agency's intent to increase its focus on cybersecurity issues going forward. However, it remains to be seen whether this will result in more rigorous enforcement of New York's cybersecurity regulations.

We will continue to monitor these state efforts.

Insights by Jones Day should not be construed as legal advice on any specific facts or circumstances. The contents are intended for general information purposes only and may not be quoted or referred to in any other publication or proceeding without the prior written consent of the Firm, to be given or withheld at our discretion. To request permission to reprint or reuse any of our Insights, please use our “Contact Us” form, which can be found on our website at www.jonesday.com. This Insight is not intended to create, and neither publication nor receipt of it constitutes, an attorney-client relationship. The views set forth herein are the personal views of the authors and do not necessarily reflect those of the Firm.
You May Also Be Interested In

April 2024 Alert

FDA Proposes Updated Guidance Concerning Cybersecurity of Medical Devices

April 2024 White Paper

2023 False Claims Act Enforcement in Health Care and Life Sciences, Part II

April 2024 Alert

CISA Releases Proposed Cyber Incident and Ransom Payment Reporting Rules to Implement CIRCIA

APRIL 2024 Alert

New State Health Privacy Laws—Moving Beyond HIPAA and Recasting Consumer Health Data Rights?

Before sending, please note:

Information on www.jonesday.com is for general use and is not legal advice. The mailing of this email is not intended to create, and receipt of it does not constitute, an attorney-client relationship. Anything that you send to anyone at our Firm will not be confidential or privileged unless we have agreed to represent you. If you send this email, you confirm that you have read and understand this notice.