Cyber Regulation Demands Board Accountability: Part 2 in a 3-Part Series

From: JDSupra Business Advisor

by Alejandro Cruz, Craig Newman, Kade Olsen | Patterson Belknap Webb & Tyler LLP

This is our second installment in a three-part series examining the New York State Department of Financial Services (“DFS”) new cybersecurity regulation.  In this installment, we provide an overview of the regulation’s impact on corporate governance and the scope of liability for corporate boards.

The cornerstone for the new DFS cybersecurity regulation is accountability at the top of an organization.  In a survey used to inform the development of the regulation, the DFS explained that “cyber security tends to be highly IT-centered.”  Another DFS survey of insurance companies found that 60% of their CEOs, and 21% of their boards of directors, are only updated about cybersecurity issues on an “ad hoc basis.”

In less than six weeks, when the regulation becomes law, ad hoc review will no longer be an option.  As the regulation itself makes clear, senior “management must take [cybersecurity] seriously and be responsible for the organization’s cybersecurity program.”
