NY| The NY Department of Financial Services issued guidance on May 21, 2026, advising regulated entities to strengthen cybersecurity practices during heightened threat environments—periods when risks to information systems, nonpublic information, or operations are significantly elevated due to factors like geopolitical events or emerging technologies. While the guidance does not create new legal requirements beyond 23 NYCRR Part 500, it encourages organizations to enhance risk assessments and adopt additional safeguards based on their specific risk profiles, systems, and third-party dependencies.
Key Points:
- Strengthen resilience and response: Test backups and recovery processes, validate incident response and continuity plans, ensure communication readiness, and monitor financial and operational risks.
- Reduce attack surface: Rapidly remediate vulnerabilities, enforce strong access controls (including phishing-resistant MFA), secure configurations, and limit unnecessary system exposure.
- Improve detection and readiness: Maintain up-to-date monitoring tools, analyze logs and threat intelligence, train personnel, and coordinate with third-party providers.