In April 2017, the New York Department of Financial Services (the “DFS”) released guidance on interpreting 23 NYCRR Part 500, its recently promulgated regulation that requires banks, insurance companies and other financial services institutions regulated by the DFS to adopt broad cybersecurity programs (the “Regulation”), in the form of a frequently asked questions (“FAQ”) document… Continue Reading