Events, Financial Services, Government and Risk

NYDFS releases major update to Part 500 cybersecurity requirements for financial services companies

Data Protection Report

NOVEMBER 8, 2023

On November 1, 2023, the New York Department of Financial Services (“NYDFS”) released the finalized amendments of Part 500 of its cybersecurity regulations. This notice requirement explicitly applies to cybersecurity incidents occurring to the covered entity itself, its affiliates, or a third-party service provider.

Financial Services

Financial Services Cybersecurity Compliance Government

Turning climate risks into business opportunities

IBM Big Data Hub

MARCH 27, 2024

Climate change causes extreme weather events across the world that endanger people’s lives and disrupt the businesses on which they depend. What is climate risk? To put it simply, climate risk is the potential for the effects of climate change to disrupt our current economic and social structures.

Risk

Risk Artificial Intelligence Agriculture Financial Services

NYDFS Amends Cybersecurity Rules for Financial Services Companies

Hunton Privacy

NOVEMBER 23, 2022

On November 9, 2022, the New York Department of Financial Services (NYDFS) released its second, proposed amendments to the Part 500 Cybersecurity Rule. Any cybersecurity event that affects a third-party service provider that also affects the covered entity. Cybersecurity Governance. Cybersecurity Plan.

Financial Services

Financial Services Cybersecurity Ransomware Compliance

Webinars

Generative AI Deep Dive: Advancing from Proof of Concept to Production

MORE WEBINARS

Capital Markets, AI, and the need for governance

Collibra

OCTOBER 31, 2023

With business and technology leaders from around the globe exploring how data fuels the industry, and presentations on everything related to accelerating financial data pipelines and delivering data in the cloud, the event offered executive thought leadership on emerging technologies. Already using AI?

Marketing

Marketing Government Financial Services Artificial Intelligence

Risk Management under the DORA Regulation

IT Governance

NOVEMBER 23, 2023

Perhaps even more concerning to EU lawmakers is how dependent society at large is on banking and other financial services. In turn, financial institutions heavily depend on ICT to be able to provide those services to begin with. That really shouldn’t surprise us – these are lucrative targets for cyber criminals.

Risk

Risk Data breaches Authentication Financial Services

New York Department of Financial Services Issues First Guidance by a U.S. Regulator Concerning Cyber Insurance

Data Matters

FEBRUARY 10, 2021

On February 4, 2021, the New York Department of Financial Services (NYDFS) issued Circular Letter No. 2 announcing a Cyber Insurance Risk Framework (the Framework) that describes industry best practices for New York-regulated property/casualty insurers. Insurers should: Establish a Formal Cyber Insurance Risk Strategy.

Insurance

Insurance Financial Services Cybersecurity Risk

Summary – “Industry in One: Financial Services”

ARMA International

NOVEMBER 7, 2019

The scope of a records and information management (RIM) program in financial services can seem overwhelming. Compared to other industries, the complexities of managing records and information in financial services are arguably some of the toughest to solve, primarily because of the intense regulatory scrutiny.

Financial Services

Financial Services Communications Compliance Risk

Proposed Amendments to NY Financial Services Cybersecurity Regulations Impose New Obligations on Large Entities, Boards of Directors and CISOs

Hunton Privacy

AUGUST 15, 2022

On July 29, 2022, the New York Department of Financial Services (“NYDFS”) posted proposed amendments (“Proposed Amendments”) to its Cybersecurity Requirements for Financial Services Companies (“Cybersecurity Regulations”). As part of the “risk assessment” requirements under Section 500.9 Additional Requirements.

Financial Services

Financial Services Cybersecurity Risk Passwords

Building for operational resilience in the age of AI and hybrid cloud

IBM Big Data Hub

MARCH 20, 2024

Organizations in the financial services, healthcare and other regulated sectors must place an even greater focus on managing risk—not only to meet compliance requirements, but also to maintain customer confidence and trust. Similarly, in the U.S.

Cloud

Cloud Financial Services Risk Business Services

Historic Charges: First Enforcement Action Filed by New York Department of Financial Services Under Cybersecurity Regulation

Data Matters

AUGUST 19, 2020

On July 21, 2020, the New York State Department of Financial Services (NYDFS or the Department) issued a statement of charges and notice of hearing (the Statement) against First American Title Insurance Company (First American) for violations of the Department’s Cybersecurity Requirements for Financial Services Companies, 23 N.Y.C.R.R.

Financial Services

Financial Services Cybersecurity Insurance Risk

NYDFS Proposes Updated Second Amendment to Its Cybersecurity Regulation

Hunton Privacy

JULY 5, 2023

On June 28, 2023, the New York Department of Financial Services (“NYDFS”) published an updated proposed Second Amendment (“Amendment”) to its Cybersecurity Regulation, 23 NYCRR Part 500. As described below, senior governing bodies would have new oversight responsibilities under the amendments.

Cybersecurity

Cybersecurity IT Compliance Financial Services

Russia-Ukraine cyber conflict poses critical infrastructure at risk

Security Affairs

MARCH 14, 2022

While the Russia-Ukraine cyber conflict goes on, nation-state actors, crooks, and hacktivists continue to pose critical infrastructure at risk. Critical infrastructure is a privileged target for almost any kind of threat actor, the ongoing Russia-Ukraine cyber conflict is posing them at risk. ” reported researchers from Cyble.

Risk

Risk Financial Services Manufacturing Communications

NYDFS finalizes cybersecurity rule amendments

Data Protection Report

NOVEMBER 2, 2023

On November 1, 2023, the New York Department of Financial Services (NYDFS) finalized the second amendment to its cybersecurity regulations, which are available here. NYDFS retained the broader term “cybersecurity event” that it uses in several sections of the regulation, but, with respect to notifications to NYDFS (§ 500.17(a)),

Cybersecurity

Cybersecurity Compliance Financial Services Government

Market Leading Cybersecurity and National Security Lawyers David Lashway and John Woods Join Sidley in Washington, D.C.

Data Matters

MAY 4, 2022

By adding these two global market leaders, we are expanding our expertise to better support our clients with the ever growing risks associated with national security and cybersecurity matters across our multi-disciplinary practices.”.

Cybersecurity

Cybersecurity Marketing Security Privacy

Deployable architecture on IBM Cloud: Simplifying system deployment

IBM Big Data Hub

APRIL 22, 2024

Modularity : Deployable architecture follows a modular design pattern, where different components or services are isolated and can be developed, tested and deployed independently. This allows for easier management and reduces the risk of dependencies causing deployment issues.

Cloud

Cloud Financial Services Compliance Systems administration

Black Friday and Cyber Weekend: Navigating the Tumultuous Waters of Retail Cybersecurity

Thales Cloud Protection & Licensing

NOVEMBER 20, 2023

Black Friday and Cyber Monday, both hailed as the epitome of shopping extravagance, are also synonymous with a heightened risk of cyberattacks on retail platforms. It becomes, therefore, essential for retailers to consider the fresh insights provided by the Thales 2023 Data Threat Report – Financial Services Edition.

Retail

Retail Cybersecurity Financial Services Encryption

Why you should keep data observability separate from data cleansing

Collibra

MAY 16, 2022

Consider the examples from our peer industries: Operational Risk. For financial services, data governance found its roots in risk. As CROs prioritized Operational Risk post the 2007 financial crisis, those leaders also looked to centralized thought like the Basel Accords. Cyber Security.

Risk

Risk Government Financial Services Access

NYDFS proposes significant cybersecurity regulation amendments

Data Protection Report

AUGUST 11, 2022

On July 29, 2022, the New York Department of Financial Services (NYDFS) announced a “pre-proposed outreach” of material proposed changes to almost every section of its cybersecurity regulations, and would affect each entity covered by the current regulations of 23 NYCRR Part 500. Governance. The Proposed Regulation Changes.

Cybersecurity

Cybersecurity Risk Passwords Compliance

Navigating the digital wave: Understanding DORA and the role of confidential computing

IBM Big Data Hub

FEBRUARY 5, 2024

The Digital Operational Resilience Act (DORA) marks a significant milestone in the European Union’s (EU) efforts to bolster the operational resilience of the financial sector in the digital age.

Encryption

Encryption Data Privacy Compliance Cloud

Capture & IDP Conference 2023 Highlights

Info Source

SEPTEMBER 14, 2023

Andrew discussed the risks and dangers associated with AI, as well as litigation in development that will affect the market. Palmer took attendees through his complex journey or re-engineering the system to the point where it has removed financial risk from the U.S.

Marketing

Marketing CMS Financial Services Cloud

Managing the regulatory risks of cybersecurity: An evolving regulatory landscape

CGI

MAY 26, 2016

Managing the regulatory risks of cybersecurity: An evolving regulatory landscape. Financial institutions in the U.S. are well aware of the business risks related to cybersecurity but there are an increasing number of related regulatory risks that also need to be addressed. Enterprise technology risk assessment.

Cybersecurity

Cybersecurity Risk Financial Services Compliance

List of data breaches and cyber attacks in September 2021 – 91 million records breached

IT Governance

SEPTEMBER 30, 2021

Nevada Restaurant Services, Inc. Provides Notice Of Data Privacy Event | | djournal.com (0). SC: Dorchester County Government Notice of February Security Incident (databreaches.net) (0). HBP Financial Services Group notice of breach impacting Pathology Consultants of New London, PC (databreaches.net) (0).

Data breaches

Data breaches Ransomware Financial Services Privacy

Keeping Up with New Data Protection Regulations

erwin

APRIL 11, 2019

Some industries, such as healthcare and financial services, have been subject to stringent data regulations for years: GDPR now joins the Health Insurance Portability and Accountability Act (HIPAA), the Payment Card Industry Data Security Standard (PCI DSS) and the Basel Committee on Banking Supervision (BCBS). employees).

GDPR

GDPR e-Discovery Compliance Metadata

New York Regulators Call on Insurers to Strengthen the Cyber Underwriting Process

Hunton Privacy

FEBRUARY 25, 2021

As reported on the Hunton Insurance Recovery blog , on February 4, 2021, the New York Department of Financial Services (“NYDFS”), which regulates the business of insurance in New York, has issued guidelines, in the Insurance Circular Letter No. billion were made under property/casualty policies that were silent about cyber risks.

Insurance

Insurance Cybersecurity Risk Education

The Week in Cyber Security and Data Privacy: 4 – 10 December 2023

IT Governance

DECEMBER 11, 2023

Source (New) Professional services USA Yes 10,799 Blue Waters Products Limited Source (New) Manufacturing Trinidad and Tobago Yes >10 GB Getrix Source (New) Technology Italy Yes 10 GB Nida Corporation Source (New) Manufacturing USA Yes 10 GB Kirkwood Bank & Trust Source (New) Finance USA Yes 8,719 Baird Insurance Services, Inc.

Data Privacy

Data Privacy Energy and Utilities Privacy Manufacturing

CyberheistNews Vol 13 #22 [Eye on Fraud] A Closer Look at the Massive 72% Spike in Financial Phishing Attacks

KnowBe4

MAY 31, 2023

That's right – the financial services industry, at least according to cybersecurity vendor Armorblox's 2023 Email Security Threat Report. According to the report, the financial services industry as a target has increased by 72% over 2022 and was the single largest target of financial fraud attacks, representing 49% of all such attacks.

Phishing

Phishing File names Security awareness Risk

Peter Marta, Former Global Head of Cybersecurity Law at JPMorgan joins Hogan Lovells Privacy and Cybersecurity Practice

HL Chronicle of Data Protection

JULY 15, 2019

Pete is an established leader in the banking and financial services sectors. At Hogan Lovells, Pete will draw on his multidisciplinary background to advise companies and boards on cyber and data-risk management and governance, cyber incident preparedness and response, regulatory strategy, and government and internal investigations.

Cybersecurity

Cybersecurity Privacy Financial Services Government

The compliance challenges of hybrid working

IT Governance

AUGUST 26, 2021

For example, financial services firms may be worried about employees breaching insider trading laws. A hybrid working model creates new security risks for organisations – not least because data is frequently transferred between office-based and remote employees. Addressing technical vulnerabilities.

Compliance

Compliance Data breaches Privacy Risk

CISA issues proposed rules for cyber incident reporting in critical infrastructure

Data Protection Report

APRIL 9, 2024

Sector-Based Criteria: CISA’s sector-based criteria captures smaller entities that may not meet the size threshold but are nonetheless considered “high-risk,” such as critical access hospitals in rural areas, owners and operators of nuclear facilities, and large school districts.

Ransomware

Ransomware Agriculture Cybersecurity Government

Congress Passes Cyber Incident Reporting for Critical Infrastructure Act of 2022

Data Matters

MARCH 21, 2022

The reporting requirements will cover multiple sectors of the economy, including chemical industry entities, commercial facilities, communications sector entities, critical manufacturing, dams, financial services entities, food and agriculture sector entities, healthcare entities, information technology, energy, and transportation.

Ransomware

Ransomware Cybersecurity Agriculture Communications

ManageEngine Product Review

eSecurity Planet

APRIL 8, 2021

There are also many specific use cases for education, healthcare, manufacturing, government and financial services. It also helps IT admins monitor users system-wide and identify those who pose the highest risk based on bandwidth consumption. It’s versatile, especially for Microsoft Windows and Azure ecosystems.

Cloud

Cloud Financial Services Compliance Manufacturing

The Importance of “Legacy” in Colleges and Universities

Rocket Software

JUNE 3, 2020

Most schools don’t teach it and don’t want to, yet recent events have shown that this viewpoint will become a bigger issue, especially with COBOL programming. . COBOL programming has been around for more than 60 years, and many consider this a “legacy” language, even though it is still used by governments and the financial services sector.

Agriculture

Agriculture Education Financial Services Government

“Am I a CII operator?” – New regulation in China provides more clarity

Data Protection Report

AUGUST 18, 2021

notify the Protecting Authorities in the event of merger, division or dissolution of the CII operator, and dispose of the CII in accordance with the requirements of the Protecting Authorities. Consistently with the CSL, the CII Security Regulation defines CII as: “important network facilities, information systems etc.

Financial Services

Financial Services Data collection Security Communications

What is a Cyberattack? Types and Defenses

eSecurity Planet

JUNE 16, 2022

These new attacks affect everything from private citizens and businesses to government systems; healthcare organizations; public services; and food, water, and fuel supply chains. Capital markets, insurance, financial services, and banking are now online. Security information and event management (SIEM).

Ransomware

Ransomware Cybersecurity Phishing Encryption

Institutional Investor’s Introduction to Blockchain and Digital Asset Investing

Data Matters

NOVEMBER 2, 2021

Another benefit is that the product is traded on a regulated futures exchange, which means regulatory and clearinghouse rules determine margin and position limits designed to reduce systemic risk to all customers exposed to the exchange overall. Overview of Trade Execution Services Offered Through Digital Asset Prime Brokerage.

Blockchain

Blockchain Marketing Access Risk

OCR and Health Care Industry Cybersecurity Task Force Publish Cybersecurity Materials

Hunton Privacy

JUNE 12, 2017

Department of Health and Human Services’ Office for Civil Rights (“OCR”) and the Health Care Industry Cybersecurity Task Force (the “Task Force”) have published important materials addressing cybersecurity in the health care industry. lists key steps that an organization must undertake in the event of a cyber attack. What do we do now?,”

Cybersecurity

Cybersecurity Computer and Electronics Education Financial Services

The Impact of Data Protection Laws on Your Records Retention Schedule

ARMA International

APRIL 18, 2022

The purpose of this article is to remove the fear and intimidation of domestic and global data protection laws and show how these laws and requirements are consistent with the existing objectives of your records retention schedule and information governance policy. Definition and Purpose of a Records Retention Schedule.

Personal data

Personal data GDPR Privacy Records Management

Unlocking the power of chatbots: Key benefits for businesses and customers

IBM Big Data Hub

JANUARY 18, 2024

While overseas enterprises offer outsourcing options for some of these functions, using them might have significant costs and risks, reducing your control over your brand’s customer interactions. Government Empower citizens to access basic information on paying bills and upcoming events by using chatbots.

Sales

Sales Artificial Intelligence Communications Marketing

FinCEN Issues Notice on Reporting COVID-19 Criminal and Suspicious Activities, Companion Advisory on COVID-19-Related Medical Scams

Data Matters

MAY 21, 2020

FinCEN expects financial institutions to continue to follow a risk-based approach and to diligently adhere to their BSA obligations. Government Agencies — Whom to Contact. Coronavirus Aid, Relief and Economic Security Act-related fraud or other COVID-19-related financial crime : Contact local U.S.

e-Discovery

e-Discovery Government Cybersecurity Financial Services

The Week in Cyber Security and Data Privacy: 15 – 21 January 2024

IT Governance

JANUARY 23, 2024

Source (New) Real estate USA Yes 46,906 Hampton-Newport News Community Services Board Source 1 ; source 2 ; source 3 (New) Healthcare USA Yes 44,312 Air Methods Source 1 ; source 2 (New) Healthcare USA Yes 34,016 GREYHOURS Source (New) Retail France Yes 18,700 Groveport Madison Schools Source 1 ; source 2 ; source 3 (Update) Education USA Yes 15.5

Data Privacy

Data Privacy Privacy Manufacturing Retail

FTC Seeks Comment on Proposed Changes to GLBA Implementing Rules

HL Chronicle of Data Protection

MARCH 14, 2019

The plan must enable FIs to promptly respond to and recover from security events affecting customer information. It must also address the goals of the plan, internal processes for responding to a security event, and documentation and reporting regarding security events and related incident response activities.

Privacy

Privacy Risk Cybersecurity Information Security

UK FCA Consults on Changes to Strong Consumer Authentication, Dedicated Interfaces, and Guidance on Payment Services

Data Matters

FEBRUARY 25, 2021

This follows the FCA’s announcement in its 2020-21 business plan that payment services were one of its main supervisory priorities 1 and its temporary guidance of July 9, 2020, on prudential risk management and safeguarding in light of the COVID-19 pandemic ( Temporary COVID Guidance ). Prudential risk management.

Authentication

Authentication Paper Risk Insurance

China’s PIPL has finally arrived, and brings helpful clarification (rather than substantial change) to China’s data privacy framework

DLA Piper Privacy Matters

AUGUST 23, 2021

We have summarised the key compliance obligations under the PIPL below, with new obligations in bold for ease of reference: Relevant Laws/Regulations The PIPL becomes the primary, national-level law governing processing of personal information, but does not replace the existing data privacy framework.

Data Privacy

Data Privacy Privacy Compliance Analytics

CyberheistNews Vol 13 #07 [Scam of the Week] The Turkey-Syria Earthquake

KnowBe4

FEBRUARY 14, 2023

For KnowBe4 customers, we have a few templates with this topic in the Current Events. Based on alerts generated by your existing security stack products , SecurityCoach analyzes and identifies detected threat events to send your users a contextual, real-time SecurityTip at the moment risky behavior occurs.

Phishing

Phishing Security awareness Compliance Risk

NYDFS releases major update to Part 500 cybersecurity requirements for financial services companies

Turning climate risks into business opportunities

Webinars

Trending Sources

NYDFS Amends Cybersecurity Rules for Financial Services Companies

Webinars

Capital Markets, AI, and the need for governance

Risk Management under the DORA Regulation

New York Department of Financial Services Issues First Guidance by a U.S. Regulator Concerning Cyber Insurance

Summary – “Industry in One: Financial Services”

Proposed Amendments to NY Financial Services Cybersecurity Regulations Impose New Obligations on Large Entities, Boards of Directors and CISOs

Building for operational resilience in the age of AI and hybrid cloud

Historic Charges: First Enforcement Action Filed by New York Department of Financial Services Under Cybersecurity Regulation

NYDFS Proposes Updated Second Amendment to Its Cybersecurity Regulation

Russia-Ukraine cyber conflict poses critical infrastructure at risk

NYDFS finalizes cybersecurity rule amendments

Market Leading Cybersecurity and National Security Lawyers David Lashway and John Woods Join Sidley in Washington, D.C.

Deployable architecture on IBM Cloud: Simplifying system deployment

Black Friday and Cyber Weekend: Navigating the Tumultuous Waters of Retail Cybersecurity

Why you should keep data observability separate from data cleansing

NYDFS proposes significant cybersecurity regulation amendments

Navigating the digital wave: Understanding DORA and the role of confidential computing

Capture & IDP Conference 2023 Highlights

Managing the regulatory risks of cybersecurity: An evolving regulatory landscape

List of data breaches and cyber attacks in September 2021 – 91 million records breached

Keeping Up with New Data Protection Regulations

New York Regulators Call on Insurers to Strengthen the Cyber Underwriting Process

The Week in Cyber Security and Data Privacy: 4 – 10 December 2023

CyberheistNews Vol 13 #22 [Eye on Fraud] A Closer Look at the Massive 72% Spike in Financial Phishing Attacks

Peter Marta, Former Global Head of Cybersecurity Law at JPMorgan joins Hogan Lovells Privacy and Cybersecurity Practice

The compliance challenges of hybrid working

CISA issues proposed rules for cyber incident reporting in critical infrastructure

Congress Passes Cyber Incident Reporting for Critical Infrastructure Act of 2022

ManageEngine Product Review

The Importance of “Legacy” in Colleges and Universities

“Am I a CII operator?” – New regulation in China provides more clarity

What is a Cyberattack? Types and Defenses

Institutional Investor’s Introduction to Blockchain and Digital Asset Investing

OCR and Health Care Industry Cybersecurity Task Force Publish Cybersecurity Materials

The Impact of Data Protection Laws on Your Records Retention Schedule

Unlocking the power of chatbots: Key benefits for businesses and customers

FinCEN Issues Notice on Reporting COVID-19 Criminal and Suspicious Activities, Companion Advisory on COVID-19-Related Medical Scams

The Week in Cyber Security and Data Privacy: 15 – 21 January 2024

FTC Seeks Comment on Proposed Changes to GLBA Implementing Rules

UK FCA Consults on Changes to Strong Consumer Authentication, Dedicated Interfaces, and Guidance on Payment Services

China’s PIPL has finally arrived, and brings helpful clarification (rather than substantial change) to China’s data privacy framework

CyberheistNews Vol 13 #07 [Scam of the Week] The Turkey-Syria Earthquake

Stay Connected