On Tuesday, November 28 Avi Gesser, Erez Liebermann and Stephanie Thomas of the Debevoise Data Strategy and Security group hosted a webcast that examined the final amendments to Cybersecurity Regulation, 23 NYCRR Part 500, announced by the NYDFS on November 1, 2023. They discussed what changes made it into the final version, and the implications that the final rules have for NYDFS-regulated entities. Important issues covered included:
- The timing for implementation of the new rules;
- The final definition of Class A companies and what is required of them;
- The changes to the multi-factor authentication obligations;
- The new business continuity and disaster recovery requirements;
- The final audit and risk assessment procedures; and
- The revised annual certification obligations and what now constitutes a violation of Part 500.
Our recent blog post on the final amendments to the NYDFS cyber rules can be read here.
To receive an on-demand recording of the webcast, please click HERE.
To access an on-demand recording of our webcasts on prior drafts of the amendments, please click below:
- A Summary of the Final Amendments to the NYDFS Cyber Rules — November 14, 2023
- New York DFS Revises Proposed Amendments to Cybersecurity Rule – July 7, 2023
- NYDFS New Draft Amendments to Part 500 Cybersecurity Rules – November 18, 2022
- NYDFS Draft Amendments to Part 500 Cybersecurity Rules – August 5, 2022