On September 13, the New York governor announced a regulation requiring banks, insurance companies, and other financial services institutions to "establish and maintain a cybersecurity program designed to protect consumers and ensure the safety and soundness of New York State's financial services industry." Regulated companies would have to annually certify compliance and designate an internal cybersecurity officer. The regulation is subject to a 45-day notice and public comment period before final adoption.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.