New York Issues Cybersecurity Tips for a ‘Heightened Threat Environment’

Staff Editor 2026-05-22
New York Issues Cybersecurity Tips for a ‘Heightened Threat Environment’

New York Issues Cybersecurity Tips for a ‘Heightened Threat Environment’

https://www.insurancejournal.com/news/east/2026/05/22/871132.htm

Publish Date: 2026-05-22 09:20:00

Source Domain: www.insurancejournal.com

Citing a need for the financial services industry to be prepared for rising cybersecurity threats, New York’s regulator has issued new guidance.

The guidance from the New York State Department of Financial Services (DFS) identifies risk management and compliance efforts that banking, insurance and other financial services organizations and individuals should consider taking when they become aware of a “heightened cybersecurity threat environment.”

DFS defines a “heightened threat environment” as a period when cybersecurity risks are “significantly elevated and therefore have a high likelihood” of impacting information systems, nonpublic information or operations.

As an example of a heightened threat environment that may warrant stronger defensive measures and increased vigilance, DFS identifies geopolitical events that have the “potential to increase the risk of cyberattacks or technological developments that materially change cybersecurity risks, such as the release of frontier AI models.”

DFS noted that this guidance does not establish new legal requirements. Rather, it identifies best practices regulated entities should consider implementing to the extent not already required by the cybersecurity regulation, 23 NYCRR Part 500.

“This guidance gives our regulated entities actionable steps that can be taken when the threat environment intensifies,” said Acting Superintendent Kaitlin Asrow. “Each entity should assess their unique circumstances and operations to identify which steps are warranted.”

DFS provides a list of best practices firms should consider to reduce the attack surface, improve threat detection and readiness, and improve resilience and response. Examples include:

  • Where possible, disable the use of inactive or unnecessary ports and protocols.
  • Restrict multi-factor authentication (MFA) enrollment and changes to authorized processes with strong identity verification. For example, consider requiring IT approvals for…

Source

More Stories

Free Apps Are Quietly Turning Smart TVs Into Web-Scraping Proxies for AI

Free Apps Are Quietly Turning Smart TVs Into Web-Scraping Proxies for AI

Staff Editor 2026-06-06
Franklin Student is a Cyber Security Champ at Bridgewater State

Franklin Student is a Cyber Security Champ at Bridgewater State

Staff Editor 2026-06-06
CISA Adds Actively Exploited SolarWinds Serv-U DoS Flaw to KEV Catalog

CISA Adds Actively Exploited SolarWinds Serv-U DoS Flaw to KEV Catalog

Staff Editor 2026-06-06

Terms and Conditions - Privacy Policy