Search PillsburyLaw.com
  • All
  • Lawyers
  • Capabilities
  • Insights

Service

New York State Department of Financial Services Cybersecurity Resource Center

Contacts

Mark L. Krotoski
Partner, Silicon Valley
T: +1.650.233.4021
Brian H. Montgomery
Partner, New York
T: +1.212.858.1238

Areas of Focus

The New York State Department of Financial Services (NYDFS) cybersecurity regulation is the most comprehensive U.S. framework in regards to governing how financial services, banking, insurance, and other covered entities and companies must protect data and information systems from cyber threats and respond to cyber incidents. Drawing on the insight of team members who served in senior positions at the NYDFS and other government agencies, paired with deep experience in financial regulatory compliance, cybersecurity law and incident response strategy, Pillsbury is well-equipped to help clients navigate these complex requirements.

As the NYDFS intensifies its regulatory scrutiny, cybersecurity compliance is more important than ever. With sweeping new amendments to its cybersecurity regulation (23 NYCRR Part 500) that become effective on a rolling basis through November 2025, financial services companies must act decisively to meet heightened governance, technical and reporting standards. The cybersecurity regulation mandates specific requirements for consumer data protection, cybersecurity controls, timely reporting of Cybersecurity Events and annual certification of compliance with the regulation requirements, among other requirements.  Non-compliance with the cybersecurity regulation can subject covered companies to investigations, enforcement actions, fines and injunctive relief.  NYDFS also conducts periodic examinations to assess compliance.

View More

What Sets Us Apart
Pillsbury’s lawyers provide insight, legal guidance, and regulatory defense to financial institutions and other covered financial services, banking, insurance, and other covered entities or companies regulated by NYDFS. Our team has assisted clients through every stage of compliance—from risk assessments and governance reviews to breach response, notifications and regulatory examinations. Our lawyers have firsthand regulatory and enforcement experience from inside the very agencies shaping and enforcing today’s cybersecurity laws, including the NYDFS and Department of Justice (DOJ).  We have also assisted managing incidents with NYDFS and other federal and state regulators on the same matter. 

This combination of regulatory, enforcement and litigation experience positions us to provide strategic, practical and proactive counsel. Whether preparing for a NYDFS examination, responding to a data breach or drafting a compliant cybersecurity program, our clients benefit from guidance grounded in how these laws are enforced in practice.

Our Services

  • Gap assessments and compliance counseling
  • Preparation and updating of cybersecurity policies and processes and controls
  • Implementing cybersecurity governance frameworks within organizations
  • Preparing for and recovering from cyber-attacks and data breach response
  • Cyber incident response and investigations (internal, regulatory, and governmental investigations)
  • Defense in class action, regulatory, or breach-related litigation
  • Preparing for regulatory examinations

Practice Area Highlights

  • Manage overlapping inquiries by federal and state regulators, including the NYDFS, DOJ, SEC, state AGs and in key industries
  • An international team of litigators and former government officials who have experience building cyber investigations for the courtroom, when needed, and trying cases before juries
  • Wide-ranging experience that spans phishing, ransomware, business email compromises, cyber fraud, insider threats, nation-state attacks and various other risk vectors

View More

  • First-hand knowledge of forensic and incident-response processes to quickly focus on and determine incident scope, restore security and drive effective remediation
  • Top-tier policyholder team helps avoid waivers and other pitfalls typical in cyber insurance coverage to minimize losses and maximize claim recoveries

Awards

  • Recognized among Firms to Watch by The Legal 500 U.S. for Cyber Law (2024 – 2025) and among the leading firms by The Legal 500 UK for Data Protection, Privacy & Cybersecurity (2021 – 2025).

Resources

Factsheet

NYDFS Cybersecurity Regulation Incident Response and Notification Checklist

Related Insights

View More
View All