NYDFS Releases Consent Order in First Enforcement Action Brought Under the Cybersecurity Regulations | News & Insights

Advisories October 24, 2024

Privacy, Cyber & Data Strategy Advisory: NYDFS Issues Guidance on Artificial-Intelligence-Related Cybersecurity Risks

Our Privacy, Cyber & Data Strategy Team explores new guidance from the New York Department of Financial Services for covered entities to combat what it considers the most pressing cybersecurity risks of artificial intelligence (AI).

Advisories April 9, 2024

Privacy, Cyber & Data Strategy / Securities Litigation Advisory: Board Oversight and Cyber Breach Response: What Involvement Strikes the Right Balance?

New regulations continue to push boards in the direction of active engagement in their cyber oversight role, including breach response. But, how can boards strike the right balance in their oversight role during a significant cybersecurity incident? Members of our Privacy, Cyber & Data Strategy Team and our Securities Litigation Group weigh in.

Blog Posts December 22, 2025

NYDFS Releases New Prescriptive FAQs on MFA

The New York Department of Financial Services (NYDFS) has released a new set of Frequently Asked Questions (FAQs 18–23) under 23 NYCRR Part 500, reinforcing its position that multifactor authentication (MFA) remains a critical component of a covered entity’s cybersecurity program. These FAQs provide highly prescriptive guidance, including clarifications on technical requirements for the “possession” […]

The post NYDFS Releases New Prescriptive FAQs on MFA appeared first on Alston & Bird Privacy, Cyber & Data Strategy Blog.

Blog Posts November 24, 2025

NYDFS Issues Guidance on Managing Risks Related to Third-Party Service Providers

On October 21, 2025, the New York Department of Financial Services (“NYDFS”) published an Industry Letter (the “Letter”) outlining guidance on managing risks related to third-party service providers (“TPSPs”). NYDFS recognizes that as covered entities become more reliant on TPSPs, managing TPSPs “remains a crucial element of a Covered Entity’s cybersecurity program.” The Letter outlines the actions […]

The post NYDFS Issues Guidance on Managing Risks Related to Third-Party Service Providers appeared first on Of Interest.

Blog Posts October 27, 2025

NYDFS Issues Guidance on Managing Risks Related to Third-Party Service Providers

On October 21, 2025, the New York Department of Financial Services (“NYDFS”) published an Industry Letter (the “Letter”) outlining guidance on managing risks related to third-party service providers (“TPSPs”). NYDFS recognizes that as covered entities become more reliant on TPSPs, managing TPSPs “remains a crucial element of a Covered Entity’s cybersecurity program.” The Letter outlines […]

The post NYDFS Issues Guidance on Managing Risks Related to Third-Party Service Providers appeared first on Alston & Bird Privacy, Cyber & Data Strategy Blog.