Debevoise Analyzes Revised New York Cybersecurity Regulation for the Financial Sector

New York’s Department of Financial Services (DFS or the Department) has responded to a large volume of comments about its proposed, sweeping cybersecurity regulation for banks, insurers and other financial service providers by softening a number of provisions that many in the industry had criticized as onerous and overly prescriptive. On December 28, 2016, the Department published a revised regulation (the Revised Draft Regulation)[1] that altered its original, “first-in-the-nation” proposal issued on September 13, 2016 (the Original Draft Regulation).

Many had argued that the Original Draft Regulation should be more risk-based, along the lines of the NIST Cybersecurity Framework … Read more