New York regulators say the financial services industry needs to prepare for growing cybersecurity threats. Publish new guidance.
Guidance from the New York State Department of Financial Services (DFS) identifies risk management and compliance efforts that banks, insurance and other financial services organizations and individuals should consider taking when they become aware of an “elevated cybersecurity threat environment.”
DFS defines a “high-threat environment” as a period when cybersecurity risks are “significantly elevated and therefore likely to” impact information systems, non-public information or operations.
DFS noted that this latest guidance does not create new legal requirements. Rather, it identifies best practices that regulated entities should consider implementing to the extent not already required by state comprehensive regulations. Cybersecurity supervision.
“This guidance provides our regulated entities with actionable steps they can take as the threat environment intensifies,” said Acting Superintendent Kaitlin Asrow. “Each entity should evaluate its unique circumstances and operations to determine which steps are necessary.”
DFS provides a list of best practices that enterprises should consider to reduce attack surfaces, improve threat detection and preparedness, and increase resiliency and responsiveness. Examples include:
- If possible, disable inactive or unnecessary ports and protocols.
- Restrict multi-factor authentication (MFA) enrollment and changes to the authorization process with strong authentication. For example, consider asking your IT department to approve the addition of new MFA authenticator devices, applications, and accounts.
- Remind all personnel of relevant steps they can take to prevent, detect, and respond to ongoing cyber threat activity, including social engineering techniques.
- Work with key third-party service providers to identify awareness of heightened cybersecurity risks and take appropriate actions, and prepare to respond to potential disruptions.
- Monitor financial transactions, including virtual currency business activities, to ensure compliance with applicable orders and guidance regarding sanctions and anti-money laundering.
As an example of a heightened threat environment that may require stronger defenses and heightened vigilance, the DFS identified “geopolitical events that have the potential to increase the risk of cyberattacks or materially alter cybersecurity risks through technological developments, such as the release of cutting-edge artificial intelligence models.”
Geopolitical volatility is among the top 10 business risks, while cyber risk remains the No. 1 global concern, according to Aon’s 2025 report Global Risk Management Survey.
U.S. cybersecurity officials are considering significantly shortening the deadline for fixing critical flaws in government IT systems as concerns grow about the power and proliferation of artificial intelligence models, Reuters reported, citing concerns that hackers could use artificial intelligence tools such as Anthropic’s Mythos to exploit them.
Reuters also recently reported that Europe’s top financial regulator has been reaching out to the financial entities it oversees to assess their cybersecurity defenses based on recent developments in artificial intelligence as geopolitical tensions increase cybersecurity risks.
You can find a copy of the latest guide to New York on DFS website. Additional cybersecurity resources can be found at Cybersecurity Resource Center.
Last fall, New York’s financial services regulator warned that the increasing use of third-party service providers (TPSPs) poses cyber risks. In its TPSP, DFS said threats faced will continue to increase as reliance on the technologies governed by the TPSP increases, such as cloud computing, file transfer systems, artificial intelligence and fintech solutions Cybersecurity guidance.
DFS oversees more than 3,900 banks and financial institutions and thousands of insurance entities that collectively manage more than $5.7 trillion in consolidated assets.
theme
Insurtech data-driven AI network New York
interested in AI?
Get automatic alerts on this topic.
