New York Launches Online Cybersecurity Portal
08/30/17 – New York Department of Financial Services (DFS) has launched an online portal to transmit in real time all notifications required under New York cybersecurity regulation.
The New York cybersecurity regulation requires all banks, insurance companies, and other financial services institutions regulated by DFS to establish and maintain a cybersecurity program designed to protect consumers’ private data and ensure the safety and soundness of New York’s financial services industry.
As of August 28, 2017, all entities covered by DFS cybersecurity regulation must file certain notifications to DFS, including notices of certain cybersecurity events within 72 hours from a determination that a reportable event has occurred. A cybersecurity event is reportable if it falls into at least one of the following categories:
- The cybersecurity event impacts the covered entity and notice of it is required to be provided to any government body, self-regulatory agency or any other supervisory body; or
- The cybersecurity event has a reasonable likelihood of materially harming any material part of the normal operations of the covered entity.
In addition, by February 15, 2018, covered entities must file a certificate of compliance stating that the covered entity has been in compliance with the cybersecurity regulation for the previous calendar year.
Filings can now be made through the DFS Web Portal and are the DFS preferred method for filings. The DFS Web Portal can be found at http://www.dfs.ny.gov/about/cybersecurity.