On March 1st of this year, the Department of Financial Services put out “first-in-the-nation” cybersecurity regulation due to the increase of consistency and sophistication of cyber attacks over recent years. Although a lot of what the new regulation is asking for is already considered best-practice, many companies have not implemented these processes. Come September this can result in fines on top of the already-existing risk of a security breach.
As an IT/Security professional in the financial industry, a whole new level of responsibility has been forced onto your shoulders.
Does 23 NYCRR 500 matter to me?
If you operate or work within New York State then, yes. To what extent is a different story. There is a “Limited Exemption” rule that eliminates certain requirements based on the following criteria. If your company harbors ANY of the following criteria, then you qualify for the exemption within 23 NYCRR 500. Instructions on filing a notice of exemption.
- Fewer than 10 employees (Including independent contractors)
- Less than $10 Million in year-end total assets
- Less than $5 million in gross revenue
Learn how to file an exemption click here