On June 30, 2021, the New York State Department of Financial Services (“DFS”) released new guidance (the “Guidance”) for regulated entities to “significantly reduce the risk of a ransomware attack.” In the Guidance, DFS describes lessons learned from its investigation of each of the 74 ransomware attacks reported to DFS by regulated entities between January 2020 and March 2021. DFS recommends that all DFS-regulated entities implement, whenever possible, nine specific measures to prevent ransomware attacks. DFS stresses the urgency with which companies need to improve their cybersecurity defenses, describing ransomware as a “crisis” which “threatens every financial services company and their customers,” and which could cause the next great financial crisis.