NYDFS Cybersecurity Requirements for Financial Services Companies

How Dark Web Monitoring Keeps Companies Compliant

In response to the ongoing series of damaging data breaches in the financial industry, the New York State Department of Financial Services (DFS) implemented the Cybersecurity Requirements for Financial Services Companies (23 NYCRR 500) last year. The regulation requires all covered entities to adopt a comprehensive cybersecurity program and stricter policies, and it challenges corporate cybersecurity programs to expand policy frameworks, mitigate exposure of sensitive data, and tighten disclosure requirements.

Unlike previous regulations, which focus strictly on a perimeter-specific policy framework or on guidance about necessary defensive measures, 23 NYCRR 500 presents a framework that includes proactive monitoring of sensitive data on the dark web, specifically addressing three sections:

  • 500.02(b)(1) requires organizations to "identify and assess internal and external cybersecurity risks that may threaten the security or integrity of Nonpublic Information stored on the Covered Entity's Information Systems,"
  • 500.04(b) requires the CISO to report on "the confidentiality of non-public Information", "material cybersecurity risks to the Covered Entity", "material cybersecurity events" and the "overall effectiveness of the Covered Entity's cybersecurity program,"
  • 500.09(a) requires a periodic risk assessment to identify key risks in designing a cybersecurity program, specifically the risks associated with "Nonpublic Information collected or stored, Information Systems utilized and the availability and effectiveness of controls to protect Nonpublic Information and Information Systems."

Ongoing, proactive monitoring of the dark web for an organization's exposed sensitive data can address the above requirements and enhance key aspects of any cybersecurity program, such as awareness of exposed nonpublic information and breach detection.

Watch the on-demand webinar to learn more about:

  • Best practices to comply with the new requirements
  • How the dark web fits into a cybersecurity program
  • How to tailor the requirements to your organization's specific needs