New York Department of Financial Services Cybersecurity Regulation
What is the NYDFS regulation (23 NYCRR 500)?
In a nutshell… “The regulation requires each company to assess its specific risk profile and design a program that addresses its risks in a robust fashion.” 
The regulation is in response to the ever-growing threat posed to information & financial systems. The requirements are primarily focused on an organization’s risk (discovered through a risk assessment) and how to control risk once identified.
Do these regulations apply to me?
If you or your organization are “required to operate under a license, registration, charter, certificate, permit, accreditation or similar authorization under the Banking Law, the Insurance Law or the Financial Services Law”  and you are licensed in NY State, this regulation applies to you.
Most of the requirements apply to businesses that answer “yes” to all the following questions:
- Does your organization have 10 or more employees?
- Did your New York operations gross annual revenue hit $5,000,000 or more in one of the last three fiscal years?
- Did you have $10,000,000 or more in year-end total assets at the end of your last fiscal year?
Okay, that’s me… now what?
Like all regulations, there are certain actions that need to be conducted, documented & reported within a set of deadlines to be in compliance. Failure to comply results in penalties; NYDFS 23 NYCRR 500 has not stated specific penalties yet.
Let’s be real…
Whether you already have adequate security measures in place, starting from scratch or somewhere in the middle, we have worked with a company like yours. In fact, since we acknowledge revenue in NY State we must comply with the cyber security regulation as well.
For a “common sense” breakdown of the NYDFS cybersecurity regulation and next steps towards compliance, download our NYDFS Roadmap by filling out the form on this page.
Where to Turn?
For 16 years, we have helped organizations know they are secure & prove they are compliant. Although NYDFS 23 NYCRR 500 is a new regulation, its form and requirements are not.
Whether you are just looking for a little guidance or a partner to completely handle your NYDFS compliance requirements, our team of experts are here to support your goals & objectives.
Contact an information security expert today.Contact Us
 New York State Department of Financial Services 23 NYCCR 500, Cybersecurity Requirements for Financial Services Companies, Section 500.00.