In March of 2017, New York enacted new cybersecurity legislation focused on regulating banking security. Cybersecurity attacks on the financial sector have risen recently and the federal and state governments are looking to combat data breaches. The regulations themselves strive to regulate security conduct by the financial institutions, including required testing and risk assessment, training for cybersecurity personnel, and mandated reporting to upperlevel staff as well as the New York Department of Financial Services. While these regulations are the first of their kind and strive to set in place certain basic requirements for cybersecurity, it remains to be seen how effective they will truly be. There is concern that the regulations are sometimes redundant, and at other times not far reaching enough to have an impact on security concerns. Still, these regulations could be used as a framework for other government institutions going forward. The effectiveness will likely not be seen until the requirements have been put in place by banks and then tested by cyberattacks.
Password Please: The Effectiveness of New York's First-in-Nation Cybersecurity Regulation of Banks,
Bus. Entrepreneurship & Tax L. Rev.
Available at: https://scholarship.law.missouri.edu/betr/vol1/iss2/10