Your company may be required by New York State to review its cyber profile and implement a cybersecurity plan to assess and remediate vulnerabilities and protect your organization moving forward. The regulation is designed to promote the protection of client information as well as the technology systems of regulated entities. It requires each company to assess its specific risk profile and design a program that addresses its risks in a robust fashion.
One simple question to determine if the regulation applies to you: Is your organization required to operate under a New York license, registration, charter, certificate, permit, accreditation or similar authorization under the Banking Law, the Insurance Law or the Financial Services Law?
If you answered “yes”, and have not connected with your IT professional, it is imperative you make arrangments to immediately begin the process.
Given the seriousness of the issue and the risk to all regulated entities, minimum standards are required for licensed organization. However, only larger companies need to implement all provisions. Three more questions to determine the extent of coverage:
- Does your organization have more than nine employees?
- Did your New York operations gross annual revenue exceeding $5 million in one of the last three fiscal years?
- Did you have over $10 million in year-end total assets at the end of your last fiscal year?