Skip to main content
New Cybersecurity Regulations Promulgated by New York's Department of Financial Services
Corporate Disputes Magazine (2017)
  • Barry R. Temkin
  • Robert Usinger, OneBeacon Insurance Group
The New York State Department of Financial Services (DFS) has promulgated new cybersecurity requirements which require regulated financial companies doing business in New York to adopt comprehensive written programs and procedures to prevent data breaches and other cybersecurity events. The new cybersecurity regulations, whose implementation has been postponed to March 1, 2017, affect any licensed entity doing business under the New York Banking Law, Insurance Law, or Financial Service Law, including insurance carriers, banks, insurance agents, consumer lenders, mortgage brokers and other entities under DFS jurisdiction. This regulation may signal a potential wave of cybersecurity requirements imposed by financial industry regulators. Since most financial firms do business in New York, the implications of the DFS cybersecurity regulations can be expected to be broad-reaching. And while Massachusetts has recently enacted a law requiring all businesses to encrypt confidential personal information stored on portable devices or transmitted electronically where technically feasible, New York’s regulations are directed specifically toward the financial services industry.
Under the new cybersecurity regulations, each financial services company operating in New York “shall establish and maintain a cybersecurity program to ensure the confidentiality, integrity and availability of the covered entity’s information systems.” The DFS regulations further require each cybersecurity program to identify internal and external cyber risks, develop and implement defensive infrastructure to protect the company’s information system, detect cybersecurity events and fulfil regulatory reporting obligations.
Lawyers who represent covered entities regulated by DFS should advise their clients regarding compliance with the new DFS cybersecurity regulations. In addition, law firms transmitting data to and from financial service companies in New York would be well-advised to ensure that their own information systems are adequately encrypted in order to facilitate their clients’ compliance with the new regulations.



  • cybersecurity,
  • cyberliability,
  • department of financial services,
  • dfs
Publication Date
January, 2017
Citation Information
Barry R. Temkin and Robert Usinger. "New Cybersecurity Regulations Promulgated by New York's Department of Financial Services" Corporate Disputes Magazine Iss. Jan.-March 2017 (2017)
Available at: