NYDFS releases major update to Part 500 cybersecurity requirements for financial services companies
November 16, 2023
On November 1, 2023, the New York Department of Financial Services (“NYDFS”) released the finalized amendments of Part 500 of its cybersecurity regulations. These revisions represent the most significant modifications since the enactment of the rules in March 2017. Noticeably, covered entities are now subject to new requirements imposing heightened responsibilities on Chief Information Security Officers (“CISOs”) and more specific and prescriptive requirements in relation to governance, risk assessments, and notifications to the NYDFS. Some requirements also apply specifically to larger covered entities falling under the “Class A companies” category.