New York Gov. Andrew Cuomo announced in September a first-in-the-nation regulation designed to protect the state from the growing threat of cyberattacks. The proposed rule targets the state’s financial services institutions, requiring banks and insurance companies to establish a cybersecurity program and designate a chief information security officer.
The regulation comes on the heels of what has been a banner year for data breaches, with large-scale attacks occurring at government agencies, retail companies, tech firms and health-care service organizations. Barely a week after Cuomo introduced the regulation, Yahoo announced that data from at least 500 million user accounts had been stolen by a “state-sponsored actor.” Symantec, the Internet security firm, has similarly reported that 430 million new kinds of malware were detected in 2015, a 36 percent increase from the year before.