New York-chartered financial institutions must assess their cybersecurity risks and design plans to prevent, investigate and recover from online attacks, the state's primary banking regulator said in a final rule Thursday. Under the 14-page rule issued by the state's Department of Financial Services, financial institutions have at least one year to designate a chief information security officer who will lead an effort to monitor both internal and external cyberthreats, design approaches for detecting and responding to breaches and periodically test their ability to withstand attacks. Senior executives or boards of directors will also need to sign off on the strength...
Proposed regulations from the New York State Department of Financial Services and guidance from the Central Bank of Ireland released this month should prod compliance officers to talk more about the growing elephant in the room: cybersecurity.