Cybersecurity

New York Proposes Cybersecurity Regulations for Banks

New York Gov. Andrew Cuomo and the state’s top banking regulator proposed regulations Tuesday that would be among the first in the U.S. to require banks to establish cybersecurity programs.

If implemented, the regulations would increase the onus on some of the world’s largest banks to invest in cyber protections that could cost them and insurers millions of dollars, according to experts. Banks would be required to hire a chief information security officer and implement measures that detect and deter cyber intrusions and protect consumer data.

The proposed regulations also contain a requirement that banks notify New York’s Department of Financial Services of any material data breach within 72 hours of the event. A patchwork of state regulations currently cover when companies must disclose breaches, and many large organizations have kept such attacks secret.