New York delays deadline on cybersecurity rules
- The New York State Department of Financial Services announced Wednesday that it will delay a deadline for banks and insurers doing business in the state to meet new cybersecurity rules, Reuters reports.
- The agency said it will publish a new version of its cybersecurity rules in the New York State Register on Dec. 28, but did not indicate what changes will be made. The new effective date is expected to be March 1, 2017, rather than the original deadline of January 1, 2017, Reuters sources said.
- Banks and insurers began asking for an extension of the deadline and other changes since the rules were introduced in September.
U.S. lawmakers have grown more concerned about financial security after the Bangladesh heist in February, wherein cybercriminals used the SWIFT banking network to request nearly $1 billion from an account at the Federal Reserve Bank of New York.
The state regulation is one of the first of its kind in the U.S. If New York’s approach proves effective in holding banks accountable and improving cybersecurity practices in the financial services sector, other states may soon follow suit.
The new rules were proposed by New York Governor Andrew Cuomo in September. They would require banks, insurance companies and other financial services institutions regulated by the State Department of Financial Services to establish and maintain a cybersecurity program.
The regulation would also require regulated financial institutions to designate a CIO responsible for enforcing the cybersecurity program and additional requirements designed to help protect the "confidentiality, integrity and availability of information systems."