State Regulatory Developments

NY Department of Financial Services Releases Guidance on Ransomware

On June 30, 2021, the New York Department of Financial Services (DFS) released ransomware guidance aimed at protecting financial services companies and their customers.  The guidance urges each company to implement a cybersecurity program “that is proportionate to its resources and risk.”  Additionally, DFS announced in its guidance that it is considering amending its Cybersecurity Regulation to add necessary ransomware protection controls. Specifically, the guidance outlines its expectations including, but not limited to, email filtering and anti-phishing training; vulnerability/patch management; multi-factor authentication; password management; and privileged access management.