Answer: A - NYDFS Cybersecurity Regulation requires compliance, in part, through financial institutions’ employment of a defense infrastructure to protect against cybersecurity threats. The state law also requires the use of a system to detect cybersecurity events.
Covered financial institutions are required to identify internal and external threats. Customers must be informed of any cybersecurity breach which stands to affect them. However, the customer is not solely responsible for acting diligently to recover. The FI is required to take action to recover from any cybersecurity event. Covered entities must not rely on the NYDFS to respond to cybersecurity events alone. The FI must respond to the cybersecurity event directly.