NY State Landmark Cyber Security Laws and Why it Should Matter to the Rest of Us.  March 1st, 2017 marked the day that the New York State Department of Financial Services (DFS) “first in nation” cybersecurity regulations went into effect.   These laws follow on the tail end of high-profile data breaches that have occurred over the last several years resulting in losses of hundreds of millions of dollars to several companies such as Target and Home Depot.  These new cybersecurity rules mandate that insurance companies, banks and other financial institutions establish a cybersecurity program.

Although this landmark legislation is directed primarily toward the financial sector, the rest of us in and outside of New York should take notice because the growing cyber threat affects all companies across all industries across all states.  To illustrate this fact, according to Google, take into consideration that website hacks alone were up nearly 32% in 2016 over the prior year.

The good news is that some states are already responding to the increased threat.  In fact, there are new cybercrime bills advancing in both Indiana and Texas governments as this article is being written. Though we can certainly expect more legislation to follow, the need to proactively protect our business’ from today’s cyberthreat means that we need to act with a sense of urgency now. As the New York legislation demonstrates, the cornerstone to driving a strong proactive

As the New York legislation demonstrates, the cornerstone to driving a strong proactive cybersecurity program begins with a security risk assessment.  This makes sense.  In the simplest of terms, a security risk assessment can identify any vulnerabilities that could pose a threat to an organization’s continuous operation. Once you become aware of these vulnerabilities then you can begin take the steps to address them and, consequently,  reduce risk.

A risk assessment is a proactive preventative measure that can provide a roadmap to reduce the risk caused by the increase in cyber threats to all businesses. Or, as Ben Franklin stated, “an ounce of prevention is worth a pound of cure.”  If given the opportunity, wouldn’t you prefer to take a little precaution before a cybersecurity crisis occurs versus having to deal with the headache and cost of fixing up afterward?