DFS Acting Superintendent Kaitlin Asrow Issues Guidance to Regulated Entities on Cybersecurity Considerations in a Heightened Threat Environment

Acting Superintendent Kaitlin Asrow today issued new guidance identifying cybersecurity measures that New York State Department of Financial Services (DFS) regulated entities should consider adopting when facing a heightened threat environment. For example, geopolitical events that have the potential to increase the risk of cyberattacks or technological developments that materially change cybersecurity risks, such as the release of frontier AI models, may warrant stronger defensive measures and increased vigilance.

"This guidance gives our regulated entities actionable steps that can be taken when the threat environment intensifies," said Acting Superintendent Asrow. "Each entity should assess their unique circumstances and operations to identify which steps are warranted."

The guidance provides a framework of best practices across three areas: reducing the attack surface, improving threat detection and readiness, and strengthening resilience and response. The guidance does not establish new legal requirements. Rather, it identifies best practices regulated entities should consider implementing to the extent not already required by the cybersecurity regulation, 23 NYCRR Part 500.

New York State Acting Chief Cyber Officer Michaela Lee, "As frontier AI models rapidly evolve, New York remains committed to safeguarding our digital landscape. Under Governor Hochul's leadership, we are ensuring that our cybersecurity defenses are as dynamic as the technologies threat actors seek to exploit. This proactive guidance from DFS provides a blueprint to strengthen financial resilience, reinforcing New York's national leadership in innovation and security."

A copy of the guidance can be found on the Department's website. Additional cybersecurity resources can be found on the Department's Cybersecurity Resource Center.