- Chief Compliance Officer and VP of Legal Affairs, Arrow Electronics
By 
Aaron Nicodemus2024-05-14T16:59:00
The New York State Department of Financial Services (NYDFS) issued guidance for small businesses attempting to comply with its cybersecurity regulations.
New York has had rules for financial institutions regarding cybersecurity in place since 2017. The state issued amended rules in 2023 that require financial institutions to conduct risk assessments more often and improve governance.
Under the amended rules, “[C]overed entities must maintain a cybersecurity program designed to identify and assess cybersecurity risks; protect nonpublic information (such as confidential customer information or sensitive business information) and the computers, phones, and other electronic devices storing such information from unauthorized access and other malicious acts; detect, respond, and recover from cybersecurity events; and comply with applicable regulatory reporting obligations,” the NYDFS said Monday in a guidance letter.
THIS IS MEMBERS-ONLY CONTENT. To continue reading, choose one of the options below.
News and analysis for the well-informed compliance or audit exec. Select an option and click continue.
Annual Membership $499 Value offer
Full price one year membership with auto-renewal.
Membership $599
One-year only, no auto-renewal.
A business communications and marketing services company agreed to pay more than $2 million to settle charges levied by the Securities and Exchange Commission over cybersecurity-related control violations.
Guidehouse and Nan McKay and Associates will pay a total of $11.3 million to the Department of Justice (DOJ) to settle allegations that cybersecurity failures led to the theft of client personal information during the height of the COVID-19 pandemic.
The Environmental Protection Agency is increasing its inspections of public drinking water systems after finding a majority of those reviewed were vulnerable to cyberattacks and related threats.
Any product that uses AI needs to be safety assessed for its entire lifespan under new rules that went into effect recently across the EU. Experts warned companies using AI to tailor products could be classed as “manufacturers” and face the same duty of care as developed.
When lawmakers slam the U.K.’s chief financial regulator as “incompetent,” it not only opens the doors for others to pile criticism on it, but it sparks a debate about how the organization can be improved–or removed.
The U.K. Financial Conduct Authority apologized to investors in peer-to-peer investment firm Collateral for not acting swiftly enough to prevent Collateral from defrauding its customers.
