Brand New Cybersecurity Regulations Are Now in Effect in New York: How Might They Affect Your Organization?

Simon Johnson

April 11, 2017 08:55 AM

They have been hailed as a world first.

New cybersecurity regulations which have just come into effect in New York will provide for specific and prescriptive requirements for the financial services industry. The regulations (New 23 NYCRR 500) may well be an indicator of things to come in Australia, where an increased focus is already being placed on cyber and data security, with laws regarding mandatory data breach notification having just come into effect.

The New York regulations were initially released in draft in September 2016. While many aspects were consistent with existing cybersecurity principles, the regulations were seen to go above and beyond the status quo. Notably, the proposed regulations dealt with ‘nonpublic information’ which was defined very broadly, meaning that entities falling within the regulations (known as ‘Covered Entities’) were burdened with protecting a wide scope of information. Covered Entities under the regulations include, for example, financial service providers, investment companies, brokers, and insurers.

Following a consultation period, changes were made to the initial draft. These included a loosening of some of the more onerous requirements. The meaning of ‘nonpublic information’ was narrowed and ‘risk assessments’ were provided for, which would inform the implementation of measures on an entity-by-entity basis (rather than a one-size-fits-all arrangement). The final form of the regulations came into effect on 1 March 2017 with a 180-day transitional period. However, there are some exemptions for smaller-sized companies, such as those with fewer than 10 employees or those with gross annual revenue or year-end total assets below certain amounts.

Noteworthy aspects of the final regulations include requiring Covered Entities to implement a cybersecurity program and cybersecurity policy which would be based on the risk assessments that must be carried out periodically. Covered Entities also need to appoint a Chief Information Security Officer responsible for overseeing the cybersecurity program and policy. Qualified cybersecurity personnel are now required to perform certain core cybersecurity functions.

Significantly, Covered Entities are required to provide a signed annual certification of compliance from February 2018. Although not spelled out under the regulations, the effect of this requirement is that it could potentially lead to individual liability for the person(s) submitting the certification (being a ‘Senior Officer’ or the board of directors for example) if a false statement is contained in the certificate.

It appears that US regulators are developing a model cybersecurity law, and as such it seems likely that the New York regulations are a sign of things to come on the US front.

Back in Australia, and further to the introduction of the mandatory data breach notification legislation, we are also shortly anticipating some cyber initiatives, such as an upcoming release by the ASX of the results of its ‘ASX 100 Cyber Health Check’. We expect this will provide some insight into how some of the largest organizations in Australia manage their cybersecurity risks and cybersecurity incidents.

In addition, the Australian Signals Directorate, the national agency responsible for the provision of cyber security advice, recently published its updated Strategies to Mitigate Cyber Security Incidents. This provides some key advice as to how organizations can prepare for cybersecurity incidents and notes eight essential mitigation strategies including:

  1. application whitelisting, whereby only selected software applications are to run;
  2. patching applications, to fix security vulnerabilities in software applications;
  3. configuring Microsoft Office macro settings to disable untrusted macros;
  4. restricting administrative privileges;
  5. patching operating systems;
  6. multi-factor authentication; and
  7. daily backup of important data, and securing it offline.

It’s clear that a growing focus is being placed on cybersecurity and protecting information from cyber security threats. With an ever-increasing number of cyber-attacks and data breach incidents, it is now more important than ever that organizations put systems in place to mitigate the risks, thereby placing them in good stead to prepare for any future increased levels of regulation.
