
NY State Cybersecurity Regulations – Are you prepared?

Are YOU prepared for the New York State Cybersecurity Regulations that have been in effect since March 1, 2017? All financial institutions under the Department of Financial Services (NYDFS) jurisdiction, even those whose headquarters are not based in New York, must comply with these new rules and regulations, and we’re here to help. If you are a banking, insurance or brokerage firm that uses a license to operate in New York, you are required to comply (with some exceptions).


Deadlines for New York State Cybersecurity Regulations:

Below are the upcoming deadlines starting March 1st. Don’t jeopardize your institution by waiting too long!

  • Six months – IT security program and policies (500.02 & 500.03), access privileges (500.07), qualified cybersecurity personnel (500.10), and incident response plans (500.16).
  • One year – CISO reporting to the board of directors (500.04(b)), penetration testing and vulnerability assessments (500.05), risk assessments (500.09), multi-factor authentication (500.12), and cybersecurity awareness training (500.14(b)).
  • 18 months – Audit trails (500.06), application security (500.08), data retention (500.13), policies and procedures to monitor the activity of authorized users (500.14(a)), and encryption (500.15).
  • Two years – Third-party service provider security policy (500.11).

It looks overwhelming, but it doesn't have to be. 24By7Security, Inc. can provide the services needed to comply with the new requirements, and after a brief conversation with our compliance specialist, your search for help can be over!

For more information about this new law, please visit: (Or just Google NYDFS Cybersecurity Regulations)

Our services:

We offer a full range of services that will help you get compliant with the New York State Cybersecurity Regulations.   Here is an abbreviated list of Cyber/IT Security services we offer (more can be found on our website home page):

  • Assessments – FFIEC Cybersecurity Assessment Tool, GLBA, IT Operational Assessments
  • Vulnerability Assessment – Internal, External, Web Application penetration testing
  • Policy & Procedure – Review, Development, and Revisions
  • Incident Response – Policy, Procedures, Runbook, Simulation
  • Third-Party Risk Program – Policy, Procedures, Risk Assessment, Annual Survey
  • CISO as a Service – On a part-time basis depending on the size of the institution

Contact us at (844) 55-CYBER at ext. 709 or ext. 707 today or send us an email at


24By7Security, Inc. is a premier national cybersecurity and compliance consulting firm. We are cybersecurity and compliance specialists with extensive hands-on experience helping businesses build a defensive IT infrastructure against all cybersecurity threats.
