On August 5, 2022, Partner Ed McAndrew was quoted in Global Data Review in an article titled “NYDFS proposes upping the stakes for ransomware payments and tech audits.” The New York State Department of Financial Services has proposed cybersecurity amendments for all financial institutions licensed in the state. The proposals relate to transparency, including one that would require institutions to report ransomware payments within 24 hours, then within 30 days, explain in writing why the payment was necessary.
McAndrew says some of the proposed amendments are very significant and would be “operationally difficult to implement – particularly with the tight time frames the department is proposing.” Most requirements would have to be implemented within either 180 days or one year after the effective date of the amendment. “That’s not a lot of time,” McAndrew adds.
Read the article (subscription required)