February 28, 2017

NY Financial Services Department Finalizes "First-in-Nation" Cybersecurity Rules

The New York Department of Financial Services ("DFS") adopted the final version of its "first-in-nation" cybersecurity rules (see previous coverage). Generally, the rules require a wide range of insurance, banking and financial services companies to adopt robust cybersecurity programs in order to protect sensitive and confidential data from theft or harm by cybercriminals.

In a related memorandum, Cadwalader attorneys Joseph Facciponti, John Moehringer, Howard Wizenfeld and Alejandra Contreras outline how the revised cybersecurity rules clarify notice and recordkeeping requirements and provide new exemptions to certain types of entities.


The final version of the rules leaves nearly all of the stringent requirements of New York's new cybersecurity regulations intact, sending a clear message that New York intends to lead the nation in protecting sensitive corporate systems and data from cyber attacks. These new rules impose significant burdens on entities subject to regulation by the DFS and, potentially, significant penalties and sanctions for failure to comply. Entities covered by the rules now have only six months to meet many of the rules' new requirements.

Premium Content

Available only to Premium subscribers.