Speak with an Expert on Long Island: 888-777-8093

NYS DFS Cybersecurity Regulation

There’s no room for OOPS with cybersecurity compliance.

Non-compliance with New York State DFS Cybersecurity directives means risking fines and potential license revocation. And your business could still be at the mercy of cybercriminals.
After reading the New York State Department of Financial Services Cybersecurity Regulation (23 NYCRR Part 500), you are likely to be confused, frustrated, or in denial about what exactly is being required from governing banks, insurance companies, and other financial institutions. The regulation is ambiguous and hard to decipher.
We are sure you have many questions:
  • Does my company need to comply? Will we be fined if we don’t comply?
  • Which of the regulations do we need to comply with?
  • When do we need to comply by?
  • How much monitoring is enough? How much is too much?
Not only will Total help you find the answers, but we will also bring your company to the proper level of compliance.


Let Total Help You with The Total Solution

Over the last several months, Total has been studying the regulation and deciphering it to fine tune our extremely successful cybersecurity solution: Total’s Layered Defense. The outcome of our research, including the vetting of various products, is a complete solution for your DFS compliance needs.
Written Policies & Procedures
Penetration Tests & Vunerability Scans
Business Continuity
Chief Information Security Officer (CISO) Services
Continuous Monitoring & Testing
Risk Assessment & Incident Response Plan
Cybersecurity Awareness Training
Multi-Factor Authentication


Why Total? In conjunction with our comprehensive cybersecurity offering, Total has been helping clients achieve industry-specific compliance for years.
And because compliance experts are predicting that enforcement of these new regulations is likely going to be a high priority for the DFS, it is important that you take a proactive approach to ensure that effective measures are in place before the DFS starts its auditing process.
Speak with one of our experienced IT consultants about our DFS offering including policy creation, cybersecurity awareness training, penetration testing and vulnerability scanning, and more. Even if you comply with Federal Cybersecurity Regulations, it is important to review existing policies and procedures to ensure compliance with the DFS Cybersecurity Regulation.
Compliance isn’t only about satisfying governmental regulations; it’s about protecting your business. Research has shown that 60% of SMBs that suffered a cyber attack go out of business within six months. Total has never had a client go out of business on our watch; nor do we expect to with our comprehensive cybersecurity solution.

Key Dates

  • March 1, 2017 – the NYDFS Regulation becomes effective
  • August 28, 2017 – covered entities are required to be in compliance with requirements of the NYDFS Regulation
  • February 15, 2018 – covered entities are required to submit the first certification under the NYDFS Regulation on or prior to this date
  • March 1, 2018 – covered entities are required to comply with certain requirements such as those related to penetration testing, vulnerability assessments, risk assessment and cybersecurity training
  • September 3, 2018 – covered entities are required to comply with audit trail, data retention and encryption requirements
  • March 1, 2019 – covered entities are required to develop a third-party service provider compliance program

If you're not in compliance, you're in violation!

Repercussions may include:
  • License Revocation
  • $250,000 or more in fines
  • A percentage of your organization’s total assets

Are you really safe?

For a free vulnerability and compliance assessment, call Total at 888-777-8093.

Some of Our Partners

Scroll Up