Are You Ready for the New Cybersecurity Regulations?

Dawn of a New Era in Cybersecurity

Cybersecurity poses a complex challenge for banking, finance and insurance companies. And the challenge continues to grow while firms attempt to stay out of the headlines, meet compliance standards and cost-justify security.

This increased sensitivity to the high costs and long-term consequences of data breaches led the state of New York to develop a set of cybersecurity requirements, 23 NYCRR 500, for the financial industry. Now it’s time to devise a strategy to meet these sweeping new regulations.

With TripleHelix®, Assured Enterprises built the most comprehensive risk assessment system available, which gives organizations the capability to quantify and measure progress in their cybersecurity programs. TripleHelix® provides granular information to banking, finance and insurance professionals, and it meets and exceeds all the requirements in 23 NYCRR 500.

Who Are the Regulations For?

Virtually anyone in the United States and beyond doing business in New York State in the banking, finance, financial services or insurance industries is mandated to comply with the NY regulations.

Businesses and organizations with 10+ employees or $5M or more in gross revenue for each of the past three fiscal years or $10M or more in total assets (including affiliates) must comply with the NY Regulation.

What Are the Requirements & How Do I Satisfy Them?

There are essentially 12 main requirements that must be met to keep your organization in compliance or bring it into compliance. Those main requirements are listed below under the Assured solution or service that satisfies them.

TripleHelix® Cybersecurity Assessment System

  • Periodic risk assessments
  • Timely response to incidents
  • Evaluation of policies, procedures
  • Risk mitigation to reduce negative outcomes
  • Fulfill applicable regulatory reporting obligations
  • Evaluation of third party providers

AssuredScanDKV® Deep Software Scanner

  • Biennial known vulnerability assessments

Assured Enterprises Cybersecurity Services

  • Annual penetration testing
  • Create a written cybersecurity policy and incident response plan
  • Overlay of common law—commercially reasonable best efforts to secure proactive cybersecurity of sensitive data
  • Remediation and other professional services

DECENT™ Encryption Access Management System

  • Manage and provide data encryption

SOURCE: 23 NYCRR 500: CYBERSECURITY REQUIREMENTS FOR FINANCIAL SERVICES COMPANIES

Beyond the NY State Regulations

Is your organization subject to multiple compliance standards or regulations? Instead of going through the hassle, cost and time of conducting multiple assessments to address your organization's compliance requirements, use TripleHelix®: a one-stop, cost-effective, comprehensive assessment with the option of delivering virtually any regulatory compliance cyber report in a customized, organization-specific Regulatory Compliance Dossier.

Whether you are in San Francisco, Chicago, London, Bahrain, Zurich, Singapore, Hong Kong or Sydney—you need Assured and TripleHelix®. Stop wasting your time and money on second-rate assessments.

Empower your organization with a comprehensive cybersecurity assessment and a Regulatory Compliance Dossier which includes reports that meet your unique compliance standards, guidelines and requirements. Use the dossier to target compliance before the regulator visits and to double-check the regulator’s accuracy.

Schedule a demo today and take the pressure off tomorrow.