NY DFS Part 500 Cybersecurity Regulation
Compliance for the Financial/Insurance sector
Since the regulation was adopted, the cybersecurity landscape has changed tremendously as threat actors have become more sophisticated and more prevalent, cyberattacks have become easier to perpetrate (such as with ransomware as a service) and more expensive to remediate, and additional cybersecurity controls are available to manage cyber risk at reasonable cost. Moreover, the Department has found, from investigating hundreds of cybersecurity incidents, that there is a tremendous amount that organizations can do to protect themselves. As a result, Part 500 was amended again, effective November 1, 2023.
Who is Affected Under the NYDFS Cybersecurity Regulation?
The NYDFS Cybersecurity Regulation covers any organization that is regulated by the Department of Financial Services. This includes:
- Licensed lenders
- State-chartered banks
- Trust companies
- Service contract providers
- Private bankers
- Mortgage companies
- Insurance companies doing business in New York
- Non-U.S. banks licensed to operate in New York
The regulation provides an exemption for organizations with:
- Fewer than 10 employees
- Less than $5 million in gross annual revenue for three years, or
- Less than $10 million in year-end total assets
Our Approach
We bring insights into how internal controls and processes can be established and optimized for NY DFS NYCRR 500 to seamlessly achieve compliance for your organization. We implement the following requirements for you:
- Complete periodic risk assessments
- Establish and maintain a cybersecurity program
- Appoint qualified cybersecurity leadership
- Implement technical security controls
- Continuously monitor and test cybersecurity program effectiveness
- Create audit trail and reporting procedures
Our Services
Control Strategy & Program Management
Design and implement customized control strategies that adapt to your business landscape and provide appropriate governance.
Control Design & Implementation
We perform risk assessments, identify control gaps, provide recommendations, support remediation and validation efforts and support communications with regulators and external auditors.
Control Remediation
Mitigate risk by understanding root causes, performing lookbacks, executing a control remediation strategy, and providing testing to validate remediation.
Control Testing
We leverage emerging technologies, including our proprietary control testing automation solution and testing-as-a-service capabilities, to efficiently test controls and focus resources in high-value areas.