Patrick H. Haggerty and Elise Elam of BakerHostetler write:
On July 29, the New York Department of Financial Services (NYDFS) released Draft Amendments to its Part 500 Cybersecurity Rules that include a number of significant amendments to the rules, including notification requirements such as a mandatory 24-hour notification for cyber ransom payments, specific requirements for newly defined larger entities, increased expectations for oversight of cybersecurity risk, additional requirements for incident response plans (IRPs), business continuity and training, risk assessments, and new technical requirements. The Draft Amendments can be found here.
Read more at Data Counsel.