On October 16, 2024, the New York State Department of Financial Services (the “DFS”), under its Cybersecurity Regulation—23 NYCRR Part 500—issued a memorandum providing guidance on the risks posed by artificial intelligence (“Guidance Memo”). The guidance is addressed to the entities within the DFS’ jurisdiction, including entities regulated by the New York Banking Law, the Insurance Law and the Financial Services Law (“Covered Entities”). The Guidance Memo clarifies that it does not impose additional requirements on Covered Entities but rather illustrates how the Cybersecurity Regulation framework should be used to assess and address the cybersecurity risks presented by AI.
The Guidance Memo emphasizes the significant impact AI has had on cybersecurity, both positively and negatively. While AI has enhanced the ability of entities to prevent cyberattacks, improve threat detection and bolster incident response, it has also introduced new mechanisms and opportunities for cybercriminals to commit crimes at greater scale and speed. The Guidance Memo outlines strategies to mitigate risks that will be essential for Covered Entities to follow but that will also be useful for…