What Is The NYDFS Cybersecurity Regulation?

The cybersecurity regulation designed by the New York Department of Financial Services applies to all organizations operating within its jurisdiction. This includes entities with a license, registration, or charter, and others that fall within New York DFS regulations. It also applies to unregulated third-party service providers for regulated organizations.

Since it went into effect in 2019, financial institutions covered by the New York DFS are required to have a designated chief information security officer (CISO). Additionally, they must maintain comprehensive cybersecurity policies and an incident response plan. Policies are required to cover issues like data breach notifications, access control, disaster recovery, network security, data privacy controls, auditing, and risk assessments.

These larger regulations are composed of a number of smaller components and sub-regulations. Some of the more stringent requirements laid out within the NYDFS cybersecurity regulation include incident reporting, data encryption, multi-factor authentication for network access, and annual compliance certification.

What Type Of Entities Are Affected By The NYDFS Cybersecurity Regulation?

Examples include, but are not limited to:

  • State-chartered banks,
  • Licensed financial lenders,
  • Private bankers,
  • Foreign banks licensed to operate within New York,
  • Mortgage dealers,
  • Insurance brokers,
  • Service providers.

There are some exemptions to NYDFS cybersecurity compliance requirements. These include companies with 10 or fewer employees, those that have grossed less than $5 million in annual revenue from operations in New York for the last three years, and those that have less than $10 million in total assets at the end of the year.

What Is The Enforcement Deadline For The NYDFS Cybersecurity Regulation?

Businesses and organizations subject to the NYDFS cybersecurity regulation were required to become fully compliant by March 1, 2019.

Guidance Towards Compliance With New York DFS Cybersecurity Regulations

If these new regulations apply to your organization, understanding the requirements and taking action to achieve and maintain compliance may seem like a challenge. I.S. Partners, LLC. can help design and implement specialized policies and controls to fit your structure. Plus, our team of experts works with your organization to gather the documentation and resources needed for compliance.

Get more information by calling our office at (215) 631-3452 or filling out our contact form below.
