New York Increases Cybersecurity Rules for Financial Companies

Another example of a large and influential state doing things the federal government won’t:

Boards of directors, or other senior committees, are charged with overseeing cybersecurity risk management, and must retain an appropriate level of expertise to understand cyber issues, the rules say. Directors must sign off on cybersecurity programs, and ensure that any security program has “sufficient resources” to function.

In a new addition, companies now face significant requirements related to ransom payments. Regulated firms must now report any …

banking boards charged companies computer security cyber cybersecurity cybersecurity programs cybersecurity risk cybersecurity risk management directors doing expertise federal federal government financial government large management new york ransomware regulation retain risk risk management rules sign state things understand york