New York’s controversial new cybersecurity regulation will come into effect March 1. The regulation includes requirements that financial and insurance institutions retain a CISO, report cybersecurity incidents within 72 hours and use multifactor authentication. After input from private industry, the state eased off some of its more prescriptive proposals. The American Banker’s Association says that while the regulation takes a risk-based approach, it will add a significant burden to banks. It could be a year or more before a final version of the proposed standards is published.”]
Source: https://www.cuinfosecurity.com/reworked-ny-cybersecurity-regulation-takes-effect-in-march-a-9733