Thank you for sharing!

Your article was successfully shared with the contacts you provided.
due diligenceMarch 1, 2019 marked the expiration of a two-year grace period for regulated entities (Covered Entities) to come into compliance with the New York Department of Financial Services’ (DFS) first-of-its-kind “Cybersecurity Requirements for Financial Services Companies” (the Cyber Requirements), 23 N.Y.C.R.R. 500. Now that the implementation phase is complete, DFS will no doubt look toward enforcing the Cyber Requirements. Indeed, Linda Lacewell, a former state and federal prosecutor, has been selected to serve as DFS’s next superintendent and recently called cybersecurity “the number one threat facing all industries and governments globally.” Lacewell also put Covered Entities on notice that compliance with the Cyber Requirements is going to “take center stage.”

Questions remain, however, regarding what components of the Cyber Requirements DFS will scrutinize most closely and to what degree. One area of significant concern for Covered Entities involves “Third-Party Service Providers.” The Cyber Requirements mandate that Covered Entities, which include state-licensed insurance companies and banks, “implement written policies and procedures designed to ensure the security of” information that is “accessible to, or held by, Third-Party Service Providers.” The Cyber Requirements define a Third-Party Service Provider as any individual or non-government entity that is (1) not affiliated with a Covered Entity, (2) provides services to a Covered Entity, and (3) maintains, processes or otherwise is permitted access to nonpublic information through its provision of services to the Covered Entity. DFS’s focus on third-party cyber risk does not come as a surprise, given that third-party vendors pose one of the greatest threats to entities from a cybersecurity standpoint.

This content has been archived. It is available through our partners, LexisNexis® and Bloomberg Law.

To view this content, please continue to their sites.

Not a Lexis Advance® Subscriber?
Subscribe Now

Not a Bloomberg Law Subscriber?
Subscribe Now

Why am I seeing this?

LexisNexis® and Bloomberg Law are third party online distributors of the broad collection of current and archived versions of ALM's legal news publications. LexisNexis® and Bloomberg Law customers are able to access and use ALM's content, including content from the National Law Journal, The American Lawyer, Legaltech News, The New York Law Journal, and Corporate Counsel, as well as other sources of legal information.

For questions call 1-877-256-2472 or contact us at [email protected]


ALM Legal Publication Newsletters

Sign Up Today and Never Miss Another Story.

As part of your digital membership, you can sign up for an unlimited number of a wide range of complimentary newsletters. Visit your My Account page to make your selections. Get the timely legal news and critical analysis you cannot afford to miss. Tailored just for you. In your inbox. Every day.

Copyright © 2021 ALM Media Properties, LLC. All Rights Reserved.