In March 2017, the New York State Department of Financial Services (DFS) implemented 23 NYCRR 500, generally referred to as the New York Cybersecurity Regulation. Its aim is to encourage financial services firms doing business in the state to minimize their security risks. Although many experts see the regulation as flawed, 23 NYCRR 500 is expected to set a precedent for cybersecurity laws and regulations in other states.
Given the importance of the financial services industry to New York’s economy, it’s easy to see why the DFS enacted the regulation. New York is home to many of the leading global and domestic financial institutions, which represents about 30 percent of the state’s gross domestic product (GDP).