New York financial officials propose updates to state cyber regulation, with three tiers of covered companies

The New York State Department of Financial Services has issued a proposal to update its cybersecurity rules for the sector, with new requirements on incident reporting, security controls and governance, coupled with a tiered approach for applying the regulations to different types of businesses.

“With cyber-attacks on the rise, it is critical that our regulation keeps pace with new threats and technology purpose-built to steal data or inflict harm,” DFS Superintendent Adrienne Harris said in a Wednesday release.