The New York State Department of Financial Services has issued guidance setting out cybersecurity measures that DFS-regulated entities should consider when the threat environment intensifies, including during geopolitical events that may raise cyberattack risk and technological developments such as the release of frontier AI models. The guidance is framed as actionable best practice rather than a new rule, and it is intended to help firms decide whether stronger defensive measures and increased vigilance are warranted based on their own circumstances and operations. The framework groups the measures into three areas: reducing the attack surface, improving threat detection and readiness, and strengthening resilience and response. It does not establish new legal requirements, but identifies practices that regulated entities should consider implementing where they are not already required under the cybersecurity regulation in 23 NYCRR Part 500.
New York State Department of Financial Services2026-05-21
New York State Department of Financial Services issues cybersecurity guidance for heightened threat environments including frontier AI and geopolitical risks
The New York State Department of Financial Services issued non-binding guidance on cybersecurity measures DFS-regulated entities should consider when threats intensify, including during geopolitical events and following technological developments such as frontier AI models. Framed as actionable best practices rather than new legal requirements, the guidance groups measures into reducing the attack surface, improving threat detection and readiness, and strengthening resilience and response.