NYS Cyber Security
About Us
We know that understanding the ever-evolving regulatory landscape can be a challenge. Our goal is to help businesses and organizations comply with new 23 NYCRR Part 500 regulations.
Complying with these new rules is important for businesses operating in our digital landscape, and having guidance has never been more important.
1. What is 23 NYCRR 500?
Effective on March 1, 2017, the New York State regulation known as 23 NYCRR 500 established new cybersecurity requirements for financial services companies. This was enacted in order to help protect customer information from attack or theft by cyber criminals, terrorist organizations, malicious state actors, etc.
Information about the adoption of these new requirements can be viewed at the New York State Department of Financial Services website here.
2. Who does the law apply to?
The law applies to organizations licensed by the New York Department of Financial Services. Some examples from the NYDFS include but are not limited to:
- Property and Casualty Insurance Companies
- Banks & Trust Companies
- Charitable Foundations
- Life Insurance Companies
- Sales Finance Companies
- Mortgage Brokers and Bankers
- Health Insurers, Accident and related entities
- NYS Regulated Corporations
- …and many more
If you are unsure if you fall into any of these categories, please contact us as soon as possible.
3. What are the penalties for being out of compliance?
The penalties are unclear at the moment, except that punishments are at the discretion of the NYDFS Superintendent within their legal authority. If HIPAA penalties serve as any guide, the ramifications of not complying with 23 NYCRR 500 could be severe:
- Hundreds or thousands of dollars per individual violation, per day out of compliance
- Tens or hundreds of thousands of dollars and even jail time for wrongful conduct
4. What’s the next step for my organization?
(Updated 7/2/18)
Given that some deadlines have already passed, it is absolutely crucial that your company or organization implement all security protocols that apply to you to avoid enforcement penalties from the NYS Department of Financial Services. For assistance or more information, please reach out to us using the form provided below.