How the NYDFS Drives Cybersecurity in the Financial Services Industry

Two years after releasing its first-of-its-kind cybersecurity regulations for the financial services industry, the New York State Department of Financial Services (NYDFS) created a Cybersecurity Division. The Division’s Executive Deputy Superintendent, Justin Shibayama Herring, recently spoke to Davis Polk partner Robert A. Cohen, former chief of the SEC’s Cyber Unit, about the Division’s examination and enforcement focus, including lessons from recent cases; navigating the panoply of cyber regulations and incident reporting challenges; and best practices when adopting affiliates’ cybersecurity programs. This article presents Herring’s thoughts on the foregoing. In light of New York State’s prominent role in financial and insurance markets, as well as the fact that the NYDFS’ regulations generally govern the activities of any New York-licensed entity, those regulations have widespread impact, and its cybersecurity regulations are widely seen as a potential template for broader regulatory cybersecurity expectations. For more on the NYDFS, see “Proposed Expansion of New York Department of Financial Services Could Impact Hedge Funds” (Apr. 16, 2020).

To read the full article

Continue reading your article with a HFLR subscription.