The financial services sector must already contend with a maze of regulations in a variety of areas, and 2023 is poised to usher in new cybersecurity regulations for the industry. Organizations should ensure their security programs are prepared to meet the coming wave of compliance requirements. Here is our take on four major legal developments that financial services companies should track this year.
Cyber Incident Reporting
A major U.S. regulatory trend in 2022 was the establishment of requirements to report cyber incidents to government agencies. This is an additional affirmative obligation on top of the traditional personal data breach notification requirements. Several cyber incident reporting rules for the financial services sector have recently become effective or will enter into force in 2023.
In general, these rules require financial institutions to submit a report to regulators after experiencing a significant service disruption, network intrusion, or unauthorized access to sensitive information. In some cases, such as under the New York Department of Financial Services (NYDFS) regulations, there is also an obligation to report to regulators if a ransom is paid….
