Posted on November 14, 2023 | 1 minute read

NYDFS Amendment to Cybersecurity Regulation

nys dfs seal

Avalon previously reported on proposed changes that may have a significant impact on the current 23 NYCRR Part 500 – Cybersecurity Requirements for Financial Services Companies (the Cybersecurity Regulation or Part 500) released by the New York State Department of Financial Services (NYSDFS). 

Part 500, a regulation establishing cybersecurity requirements for financial services companies, was declared by the Superintendent of Financial Services, and has been in place since March 2017.

Since adoption, the cybersecurity landscape has changed, and attacks have become more sophisticated and more expensive. There are many additional controls to help mitigate these threats that should be implemented by organizations to help protect themselves and, as such, on November 1, 2023, Part 500 was amended to help align with these changes and push for better security for financial services companies.

Please go to https://www.dfs.ny.gov/industry_guidance/cybersecurity for more information on the updates and related resources including available training sessions and implementation timelines for small businesses, Class A businesses, and covered entities.

Avalon can assist your organization with staying or becoming compliant through many of our services, including vCISO, vendor management, policy creation, and risk assessment.

Blog Articles

The CDK Incident and Recommended Actions from Avalon Cyber

The CDK Incident and Recommended Actions from Avalon Cyber

Thousands of car dealerships’ operations slowed to a halt last Wednesday as their core dealer management system, CDK, shut down. CDK Global announced that they were investigating a cyber incident and “Out of an abundance of caution and concern for our customers, we have shut down most of our systems and are working diligently to get everything up and running as quickly as possible” according to spokesperson, Lisa Finney. The company said later that day that most of their critical systems were back online, but the next day they announced that another incident had happened.

Read More
Get Ready for the New 36-Hour Cyber Breach Notification Rule for Financial Institutions

Get Ready for the New 36-Hour Cyber Breach Notification Rule for Financial Institutions

If you’re in the financial sector, no doubt you’ve already heard, and hopefully, are prepared or preparing for, the new federal banking rule regarding cyber breach notifications. This new rule, which took effect April 1, 2022, with full compliance required by May 1, 2022, requires banking organizations and bank service providers to notify banking regulators within 36 hours after a notification event, which is the tightest timeframe in U.S. history.

Read More
Cybercriminals Never Sleep (And Neither Do We)

Cybercriminals Never Sleep (And Neither Do We)

According to the latest cybersecurity industry research, market demand for Managed Detection and Response (MDR) services continues to climb. In fact, experts forecast that by 2024, 40% of midsize enterprises will use MDR as their only managed security service. That might sound like a large percentage, but because of the continued escalation of cyberattacks, more and more companies are realizing the importance of hiring experts to boost their cybersecurity posture.  

Read More
Achieve more, every day, by shifting a variety of critical business functions – eDiscovery, digital forensics, managed review and staff augmentation, legal document solutions, and cybersecurity – to the experts at Avalon.
 
Visit our paper services website at teamavalondocs.com
 

Solutions

Company

Knowledge Center

©2025 Surge Avalon Holdings. All rights reserved.