New York State Department of Financial Services Issues New Guidance on Preventing Ransomware Attacks: Agency Recommends Preventative Measures Amid Growing Regulatory Focus on the Ransomware Threat

Sullivan & Cromwell LLP - July 2, 2021

On June 30, 2021, the New York State Department of Financial Services (“DFS”) issued new guidance identifying nine measures DFS-regulated entities should implement to minimize the risk of a ransomware attack. The guidance is based on DFS’s review of the 74 ransomware attacks reported to it by regulated entities between January 2020 and March 2021. The guidance clarifies certain reporting requirements under DFS’s cybersecurity regulation, and indicates that DFS is evaluating what additional controls should be added to the regulation to help prevent ransomware attacks and adapt to the heightened cyber threat landscape.

Subscribe to our Memos