New York DFS unveils AI cybersecurity guidance to protect financial sector

The New York State DFS has announced a fresh set of guidelines intended to bolster cybersecurity measures against threats posed by AI.

Superintendent Adrienne A. Harris highlighted the dual nature of AI, noting its ability to improve threat detection and incident response strategies, while also providing new avenues for cybercriminals.

These guidelines are part of the DFS’s continued efforts to shield New Yorkers and DFS-licensed entities from the evolving dangers of cybersecurity threats. Building on the foundation of the nation-leading cybersecurity regulation (23 NYCRR Part 500), the new guidance also aligns with recent initiatives to prevent discrimination by insurers using AI.

“AI has improved the ability for businesses to enhance threat detection and incident response strategies, while concurrently creating new opportunities for cybercriminals to commit crimes at greater scale and speed,” Superintendent Harris said. “New York will continue to ensure that as AI-enabled tools become more prolific, security standards remain rigorous to safeguard critical data, while allowing the flexibility needed to address diverse risk profiles in an ever-changing digital landscape.”

The directive requires DFS-regulated institutions to thoroughly assess AI-related cybersecurity risks. This encompasses a range of potential threats including social engineering, advanced cyber-attacks, theft of nonpublic information, and vulnerabilities due to supply chain dependencies. The guidance prescribes a risk-based approach to help financial institutions understand, assess, and mitigate these specific risks.

Importantly, the guidelines advocate for a multilayered security protocol, ensuring that multiple safeguards with overlapping protections are in place. This strategy is designed to ensure continuity of protection even if one security measure fails, thereby preventing or reducing the impact of a cyber-attack.

While the guidance does not introduce new obligations, it aims to assist regulated entities in fulfilling their existing duties under DFS’s cybersecurity regulation in light of the emerging threats posed by AI technologies.

Copyright © 2024 RegTech Analyst
