The Future of Cybersecurity: Required State-wide Programs for Financial Institutions


If you’ve been following our blog lately, you may have noticed our emphasis on cybersecurity. There’s good reason for that – cybercrime rates are increasing significantly year-to-year. In fact, according to Symantec’s 2016 Internet Security Threat Report, at the close of 2015, the world experienced the largest data breach ever publicly reported. 191 million records were exposed, which is considered a mega-breach (defined as a breach of more than 10 million records). There were 9 mega-breaches in 2015 alone, which is a 125% increase from the previous year.

On September 19, 2016, Richard Reiter of The National Law Review website published a very interesting article, "New York Proposes Required Cybersecurity Programs for Financial Institutions." According to the article, New York’s Governor, Andrew M. Cuomo, announced a proposed regulation that requires banks, insurance companies and other financial services institutions regulated by the State Department of Financial Services (DFS) to establish and maintain a cybersecurity program to protect consumers and New York State’s financial services industry.

This is a highly important regulatory proposal that may change the way cybersecurity is regulated across the country in the near future. With media outlets giving cybercrime ever-increasing exposure, this proposal by Governor Cuomo is very timely. Included in his proposal are additional requirements that mandate cybersecurity awareness training for all personnel, an appropriate document destruction policy for nonpublic information when it is no longer required, and an incident response plan to respond to any cybersecurity event.

Although this proposal is the first of its kind, it is unlikely to be the last. We anticipate that other states and industries will follow suit to protect consumers and financial institutions from increasing cybersecurity threats.