Implementing Cybersecurity Legislation: An Overview Of The NYDFS And NAIC Model Laws

The increasing pace of cyber-related events and crimes has led state regulators to survey the growing risks and take action. In New York, the Department of Financial Services (NYDFS) enacted cybersecurity rules effective March 1, 2017. Leading the nation in this effort, the NYDFS regulation has been viewed as a blueprint for many other states as well as industry initiatives such as the National Association of Insurance Commissioners’ (NAIC) cybersecurity model law. The impetus for these regulations comes from heightened concerns about internal and external threats—nation-state, terrorist, and independent actors creating financial losses and stealing electronic data to be used for illicit purposes.