NY DFS Part 500 Cybersecurity Regulation

Compliance for the Financial/Insurance sector

Since the regulation was adopted, the cybersecurity landscape has changed tremendously as threat actors have become more sophisticated and more prevalent, cyberattacks have become easier to perpetrate (such as with ransomware as a service) and more expensive to remediate, and additional cybersecurity controls are available to manage cyber risk at reasonable cost. Moreover, the Department has found, from investigating hundreds of cybersecurity incidents, that there is a tremendous amount that organizations can do to protect themselves. As a result, Part 500 was amended again, effective November 1, 2023.

Who is Affected Under the NYDFS Cybersecurity Regulation?

The NYDFS Cybersecurity Regulation covers any organization that is regulated by the Department of Financial Services. This includes:

  • Licensed lenders
  • State-chartered banks
  • Trust companies
  • Service contract providers
  • Private bankers
  • Mortgage companies
  • Insurance companies doing business in New York
  • Non-U.S. banks licensed to operate in New York

The regulation provides an exemption for organizations with:

  • Fewer than 10 employees
  • Less than $5 million in gross annual revenue for three years, or
  • Less than $10 million in year-end total assets

Our Approach

We bring insights into how internal controls and processes can be established and optimized so that your organization seamlessly achieves compliance with NY DFS NYCRR 500. We implement the following requirements for you:

  • Complete periodic risk assessments
  • Establish and maintain a cybersecurity program
  • Appoint qualified cybersecurity leadership
  • Implement technical security controls
  • Continuously monitor and test cybersecurity program effectiveness
  • Create audit trail and reporting procedures

Our Services

Control Strategy & Program Management

Design and implement customized control strategies that adapt to your business landscape and provide appropriate governance.

Control Design & Implementation

We perform risk assessments, identify control gaps, provide recommendations, support remediation and validation efforts and support communications with regulators and external auditors.

Control Remediation

Mitigate risk by understanding root causes, performing lookbacks, executing a control remediation strategy, and providing testing to validate remediation.

Control Testing

We leverage emerging technologies, including our proprietary control testing automation solution and testing-as-a-service capabilities, to efficiently test controls and focus resources on high-value areas.

Our Office

477 Madison Ave, 6th Fl New York NY 10022

1390 Market St. #200 San Francisco CA 94102

Contact Us

(866) 966-0622
info@maverickconsultingcorp.com 

Office Hours

Mon-Fri: 9am - 5pm
Sat-Sun: Closed
