New York imposes new cybersecurity regulations

New regulation introduced by New York state that require banks and insurers adhere to certain cybersecurity standards have gone into effect.

The first US state-mandated ‘Cybersecurity requirements for financial services companies’ has drawn a mixed response, with the new rules welcomes by many business leaders and security experts.

However, there have also been criticisms that the new rules are not tough enough and fail to provide effective guidance in providing protection for companies and consumers.

“In its current form, the cyber security regulation proposed by New York State for banks and insurers is missing the mark, as it fails to address one key consideration: open banking,” said Ed Adshead-Grant, general manager of payments, Bottomline Technologies

“With the adoption of the Payment Services Directive (PSD2) regulation in Europe, we’re already seeing financial institutions across the pond implementing new technologies like open application program interfaces (APIs), and it’s clear that the trend will come to the US as well. The introduction of these technologies will give way to new security threats, requiring banks and insurers to implement real-time monitoring systems to identify and flag suspicious activity.

“While the proposed regulation’s requirement of multi-factor authentication is a solid step toward heightening security, that alone will not solve security problems if auditors are not watching how users – both internally and externally – are behaving in real-time.”


Related reading