Receive support from Digital Edge team on how to comply and report all your Cybersecurity events in New York State.
On July 31, 2017, the Department of Financial Services (DFS) has launched a new online portal to securely transmit in real time all notifications required under New York’s first-in-the-nation cybersecurity regulation. If you need assistance with registration or with any or all components of this cybersecurity framework, the Digital Edge team is available to meet your compliance needs!
This act is the first-in-the-nation cyber security regulation for financial institutions, and the requirements from DFS go beyond what we’ve historically seen from regulators. Banks, insurance companies, and companies that do business in New York must now assess their cyber risks, implement a comprehensive, written cybersecurity program, as well as manage the cyber risks of their third-party vendors. This groundbreaking regulation now holds company board members personally liable for annual compliance certification.
“DFS continues to implement innovative technologies and modernize its processes to better serve regulated entities and the New Yorkers they serve,” said Superintendent Maria Vullo. “With DFS’s leading cybersecurity regulation, the DFS cyber portal will allow New York’s financial institutions to quickly, easily, and securely report cybersecurity events and file required certifications of compliance, ensuring that the necessary safeguards are in place to protect New York consumers and financial institutions as the threat of cyber-attacks continues to increase.”
On this new DFS Web Portal covered entities can file:
- Notices of Exemption
- Certifications of Compliance
- Notices of Cybersecurity Events
Filings made through the DFS Web Portal are preferred to alternative filing mechanisms as the DFS Web Portal provides a paperless reporting tool to facilitate compliance with the DFS cybersecurity regulation.
Cyber Security Events
Beginning on August 28, 2017, all entities covered by DFS cybersecurity regulation must file certain notifications to the Superintendent including notices of certain cybersecurity events within 72 hours from a determination that a reportable event has occurred. A cybersecurity event is reportable if it falls into at least one of the following categories:
- The cybersecurity event impacts the covered entity and notice of it is required to be provided to any government body, self-regulatory agency or any other supervisory body; or
- The cybersecurity event has a reasonable likelihood of materially harming any material part of the normal operation(s) of the covered entity.
In addition, by February 15, 2018, covered entities must file a certificate of compliance stating that the covered entity has been in compliance for the previous calendar year.
It is critical for all regulated institutions that have not yet done so to move swiftly and urgently to adopt a cybersecurity program and for all regulated entities to be subject to minimum standards with respect to their programs. The number of cyber events has been steadily increasing and estimates of potential risk.
Let the Digital Edge Cyber Security Team ease the burden of implementing the robust NYDFS Cybersecurity Regulation. Contact our Sales Team for your free assessment and align yourself with DFS compliance today!