The New York State Department of Financial Services (“DFS”) seeks comments by August 18, 2022 on pre-proposed amendments to the Cybersecurity Requirements for Financial Services Companies, 23 NYCRR 500. Among the pre-proposed amendments are requirements that the boards of directors of banks and insurance companies in New York have sufficient cybersecurity expertise to oversee cyber risks, and that a covered entity’s Chief Information Security Officer should have sufficient independence and authority to ensure cyber risks are appropriately managed. DFS also contemplates new regulatory notification requirements for ransomware payments, as well as designation of certain large entities as “Class A” entities subject to enhanced cybersecurity requirements. Following the close of the comment period for the pre-proposed amendments, DFS will likely issue similar proposed amendments for a 60-day notice-and-comment period.