The New York Department of Financial Services has watered down almost all its proposals for a sweeping new regulation that will, after a period of consultation, force the firms it regulates to guard against cyber-insecurity.

As Compliance Matters reported in September, the regulation-to-be is intended to require every regulated financial institution to come up with a plan of action to bolster its cyber-security; to write down and follow a cyber-security policy; to appoint a chief information security officer who will be responsible for implementing, overseeing and enforcing its new programme and policy; and to design policies and procedures to ensure the security of information systems and non-public information accessible to, or held by, third-parties, along with a variety of other requirements to protect the confidentiality, integrity and availability of information systems. Both banks and insurance companies are expected to obey.

The National Law Review has noted: "The NYDFS has incorporated risk-based regulatory concepts in many of the requirements retained in the revised proposal."