
Citing a need for the financial services industry to be prepared for increased cybersecurity threats, New York’s regulator has issued new guidance.
The guidance from the New York State Department of Financial Services (DFS) identifies risk management and compliance efforts that banking, insurance and other financial services organizations and individuals should consider taking when they become aware of a “heightened cybersecurity threat environment.”
DFS defines a “heightened threat environment” as a period when cybersecurity risks are “significantly elevated and therefore have a high likelihood” of impacting information systems, nonpublic information or operations.
DFS noted that this latest guidance does not establish new legal requirements. Rather, it identifies best practices regulated entities should consider implementing to the extent not already required by the state’s comprehensive cybersecurity regulation.
“This guidance gives our regulated entities actionable steps that can be taken when the threat environment intensifies,” said Acting Superintendent Kaitlin Asrow. “Each entity should assess their unique circumstances and operations to identify which steps are warranted.”
DFS provides a list of best practices firms should consider to reduce the attack surface, improve threat detection and readiness, and improve resilience and response. Examples include:
- Where possible, disable the use of inactive or unnecessary ports and protocols.
- Restrict multi-factor authentication (MFA) enrollment and changes to authorized processes with strong identity verification. For example, consider requiring IT approvals for adding new MFA authenticator devices, applications, and accounts.
- Alert all personnel to relevant steps they can take to prevent, detect, and respond to ongoing cyber threat campaigns, including social engineering techniques.
- Engage with critical third-party service providers to confirm awareness of and appropriate action on heightened cybersecurity risks and readiness to respond to potential disruptions.
- Monitor financial transactions, including virtual currency business activity, to ensure compliance with applicable orders and guidance on sanctions and anti-money laundering.
As an example of a heightened threat environment that may warrant stronger defensive measures and increased vigilance, DFS identifies geopolitical events that have the “potential to increase the risk of cyberattacks or technological developments that materially change cybersecurity risks, such as the release of frontier AI models.”
Geopolitical volatility is a top 10 business risk, with cyber risk remaining the number one concern globally, according to Aon’s 2025 Global Risk Management Survey.
As anxiety over the power and proliferation of AI models has been building, U.S. cybersecurity officials are considering sharply shorter deadlines for fixing critical flaws in government IT systems, amid concerns hackers could exploit them using artificial‑intelligence tools such as Anthropic’s Mythos, Reuters reported.
Reuters also recently reported that as geopolitical tensions have increased cybersecurity risks, Europe’s top financial regulator has been contacting financial entities it supervises to assess their cybersecurity defenses in light of recent developments in AI.
A copy of New York’s newest guidance can be found on the DFS website. Additional cybersecurity resources can be found at its Cybersecurity Resource Center.
Last fall, the New York financial services regulator warned of the cyber risks associated with the growing use of third-party service providers (TPSPs). Exposure to threats will continue to grow along with reliance on technologies managed by TPSPs, such as cloud computing, file transfer systems, artificial intelligence, and fintech solutions, said DFS in its TPSP cybersecurity guidance.
DFS regulates more than 3,900 banking and financial institutions and thousands of insurance entities, which together manage more than $5.7 trillion in combined assets.

