The Wall Street Journal reports that New York has proposed rules that would require banks to establish cybersecurity programs. The rules, if adopted, would require banks to:
- Hire a Chief Information Security Officer
- Implement a cybersecurity program designed to detect and deter cyber intrusions and protect customer data.
- Certify that controls in this area are adequate
- Perform annual risk assessments and penetration testing
- Notify the New York Department of Financial Services within 72 hours of a material data breach
- Encrypt non-public information transmitted to or stored by the banks
- Hire and train cyber focused employees.