By Bill Minahan | December 15, 2020 | 9 Comments
The New York Cyber Security Regulation, officially known as 23 NYCRR 500, is a regulation that requires financial service organizations and their third-party vendors to implement effective cyber security programs.
Additionally, the New York Cyber Security Regulation requires financial services firms operating in New York to have a full security risk assessment, cyber security plan, and a written information security program (WISP).
Essentially, the regulation includes 23 sections that require covered entities (those who are legally required to comply with 23 NYCRR 500) to assess their cyber security risk and develop a plan to mitigate it.
Furthermore, the regulation was rolled out in 4 phases to give covered entities ample time to implement, test, and adjust new cyber security plans and policies.
According to Governor Cuomo, “This regulation helps guarantee the financial services industry upholds its obligation to protect consumers and ensure that its systems are sufficiently constructed to prevent cyber-attacks to the fullest extent possible.”
Well, let’s dive in!
All entities operating in the state of New York under banking law, insurance law, or financial services law are considered covered entities for the New York Cyber Security Regulation. Specifically, some examples of covered entities could be:
However, 23 NYCRR 500 also lists entities that are exempt from having to comply. Specifically, the exemption list for the New York Cyber Security Regulation includes organizations that:
To comply with the New York Cyber Security Regulation, businesses must take a few steps. The level of work required to comply varies greatly between businesses. Furthermore, the work required depends on the level of cyber security maturity each organization possessed before the regulation was put in place.
As a result, if you are a covered entity, you should know your organization’s cyber security posture. Specifically, look at the checklist below to see where your organization stands with regard to meeting compliance requirements.
All documentation and information relevant to the covered entity’s cybersecurity program shall be made available to the NYDFS superintendent upon request.
As a result, it’s important to have the proper documentation that meets each of the requirements outlined in 23 NYCRR 500.
aNetworks, Inc. provides a customizable 23 NYCRR 500 WISP to take the burden of compliance off your hands.
For pricing information and more details on our 23 NYCRR 500 Written Information Security Program (WISP) see here.
The New York Cyber Security Regulation currently doesn’t provide any detail on how penalties or fines will be calculated. This is a concern for covered entities, as it could mean the sky’s the limit.
However, security and financial experts predict that NYDFS will calculate fines based on the existing New York Banking Law which uses the following benchmarks:
But, as noted, 23 NYCRR 500 is a relatively new regulation, so organizations will learn by example in terms of how the regulation is enforced as well as how it is penalized.
With those numbers, however, putting off implementation (knowingly and willfully) for just one week could cost an organization half a million dollars.
Subsequently, these figures have put many of the covered entities into a frenzy to meet compliance requirements. Many of the affected organizations don’t have enough in-house resources or IT staff to comply with what many are calling high-stakes and burdensome regulations.
As a result, covered entities have been outsourcing compliance issues to cyber security organizations. Organizations are using cyber security experts, rather than adding pressure to their own IT staff, to complete the risk assessment as well as create the cyber security program and policies.
The total cost of outsourcing compliance is around 1-2% of what the predicted penalties stated above would cost.
It’s easy to become overwhelmed by the New York Cyber Security Regulation. However, it doesn’t need to be a stressful process.
The risk assessment lays the groundwork for most of the steps your organization must take to become compliant. Luckily, a risk assessment is free and easy to use.
Furthermore, aNetworks offers one of the only automated cyber security risk assessment tools available online, and it’s free to use.
Moreover, after you take the risk assessment, we offer a complimentary meeting with one of our cyber security analysts to get the ball rolling on implementing the required cyber security programs and policies.
Additionally, if you need any assistance understanding the 23 NYCRR 500 compliance checklist, feel free to contact one of our security analysts to get you up to speed.
Finally, you can always find us on Twitter, LinkedIn, and Facebook.
Rob
December 17, 2020 | 5:56 am
Just purchased your NYCRR WISP! Thank you for the info.