New York state’s Department of Financial Services (NYDFS) has proposed updates to regulations governing the oversight of cybersecurity risks. The proposal would require board approval of cyber policies at banks, insurers, and other financial institutions that meet a certain size threshold laid out by the regulator. Companies would also have to disclose whether their directors have the expertise to oversee security risks or whether they rely on outside cyber consultants. The proposal updates New York’s first-of-its-kind cybersecurity rules for financial institutions. Companies that run afoul of the new rules would risk NYDFS fines. The proposal follows similar federal proposals in which the SEC highlighted board cyber expertise in proposed breach-reporting rules. Both the SEC and NYDFS proposals highlight the fact that increased threats from ransomware are too broad for security experts to oversee on their own. The updated regulations are expected to increase pressure on companies to quickly gauge the business impacts of such events.
Finsum: Following in the SEC’s footsteps, the NYDFS has proposed an update to cybersecurity regulations that would require board approval of cyber policies at financial institutions.