NEW YORK—New York State is delaying implementation of the nation’s first cyber security rules for banks and insurers.
The state’s financial regulator has issued a revised proposal that loosens some security requirements and delays the rule’s implementation by two months to March 1, Reuters reported.
The rules from the New York State Department of Financial Services are being closely watched as they lay out unprecedented requirements for financial firms to take to protect their networks and customer data from hackers and disclose cyber events to state regulators, said Reuters in its analysis.
“Many organizations are going to have a lot of work to do to come into compliance with these revised regulations,” Jed Davis, a partner with law firm Day Pitney and former U.S. federal cyber crimes prosecutor, told Reuters.
The state decided to make changes to the rules after receiving more than 150 comments on its initial proposed regulations.
The revised regulations include easing some timelines and requirements, including standards for encrypting data and authenticating access to networks. They also provide more time for compliance, expanding the transition from six months to as long as two years, Reuters said.
The agency said it would finalize the rules after a 30-day comment period.