Significant new Cyber Security regulations passed in New York state could benefit both businesses and consumers.
We won’t blame you if you missed it, but last month may very well have marked a turning point for Cyber Security regulations in the United States and beyond.
That’s because the New York state passed first-of-its-kind regulations requiring companies that operate in the insurance, financial services, and banking sectors to meet a minimum standard of Cyber Security measures.
This is important on several levels. New York is the financial center of the country, if not the world, and that fact alone will make these regulations far reaching and impact thousands of companies. Moreover, New York is the most influential state, and often the bellwether for other states and national policy, which could trigger further regulations to be put into law across the U.S.
Clear and defined
The regulations are also substantial. Cyber Security regulations can often be vague and difficult to implement and enforce. The New York regulations are clear and defined: they require, among other things, companies to have a Cyber Security program and policy, limit those employees who have access to sensitive data, and have qualified Cyber Security professionals managing security risks. Perhaps most importantly, companies are also now required to report any attempted hacks or breaches of their system within 72 hours.
The institution of this reporting timeframe enables companies and Cyber Security professionals to share, in near real time, the different attacks they are seeing attempted, both big and small, and be prepared to react to new types of attacks. Hackers are constantly developing new techniques! It can be particularly difficult for smaller companies to keep pace and keep their information secure, but this information sharing will help all types of companies stay up to date and ready to defend their critical information.
All in all, the real winner here is consumers, whether they realize it or not. People often just think of their data as being out of sight and out of mind, but it’s vulnerable if companies aren’t taking the necessary precautions to protect it. It may also lower prices in the long term, as less fraud makes companies more profitable; CNBC found that $16 billion was stolen through fraud and identity theft in 2016. It’s also a win for businesses. While some may grumble at the fact that they’ll have to take steps to become compliant, they’ll benefit immensely from sharing their intelligence collectively on hackers and the latest threats. And while becoming compliant may be painful as these regulations come into effect, it won’t be nearly as painful as a potential security breach in the future.