Cybersecurity Enforcement Trends: A Fraught New Reality for ‘Victims’ of Cyberattacks
New York Law Journal
New York partners Pete Baldwin and Bob Mancuso authored an article for the New York Law Journal titled, “Cybersecurity Enforcement Trends: A Fraught New Reality for “Victims” of Cyberattacks,” that discusses how regulators have shifted their focus from data breach notifications to overall cybersecurity preparedness.
Baldwin and Mancuso highlight that whereas regulators previously focused on how companies responded to cyberattacks, they are now focusing more on whether and to what extent victimized businesses were adequately prepared to defend against attacks. The authors add that if the policies, procedures, and defenses businesses had in place were inadequate, regulators are increasingly pursuing enforcement actions, even in situations where a data breach did not occur or where individual consumers’ personal identifying information was not improperly accessed or acquired.
The article provides examples of enforcement actions the New York Department of Financial Services (NYDFS), the state regulator with oversight of New York’s insurance, banking, and financial services laws, has engaged in over the past year.