New York State’s Department of Financial Services has issued 23 NYCRR 500, “Cybersecurity Requirements for Financial Services Companies”, requiring that “[e]ach Covered Entity shall maintain a cybersecurity program designed to protect the confidentiality, integrity and availability of the Covered Entity’s Information Systems” and setting forth requirements for such programs.
A Covered Entity is “any Person operating under or required to operate under a license, registration, charter, certificate, permit, accreditation or similar authorization under the Banking Law, the Insurance Law or the Financial Services Law”. Part 500 of 23 NYCRR is posted at
http://www.dfs.ny.gov/legal/regulations/adoptions/dfsrf500txt.pdf.
If you want more background on cybersecurity watch our lecture series on " Wire fraud, Cybersecurity and What it Mans for your Settlement Transactions."