As of August 28, certain financial services companies based in New York now have to comply with the state’s new cybersecurity requirements, known by the (very long) acronym 23 NYCRR 500. On the line for affected banks and insurers are both penalties for non-compliance and potential business loss if they continue to expose their businesses to cyber threats. The regulations took effect March 1, but included a three-month grace period for companies to get organized before needing to meet the first wave of mandates. Companies will have ongoing deadlines over the next two years as further layers of compliance continue…
[Continue Reading]