(Debevoise & Plimpton Data Blog) On October 16, 2024, the New York Department of Financial Services (NYDFS) released an Industry Letter offering guidance on how to assess cybersecurity risks linked to the use of artificial intelligence (AI) within the existing framework of 23 NYCRR Part 500 (referred to as the Cybersecurity Regulation or Part 500). Although the guidance specifically targets entities governed by Part 500—such as those licensed under New York’s Banking, Insurance, or Financial Services Laws—it also provides valuable insights for all businesses on managing AI-related cybersecurity risks.
Importantly, the NYDFS clarifies that the guidance does not introduce new requirements beyond what is already mandated under the Cybersecurity Regulation. Instead, it aims to help covered entities navigate how to address AI-related cybersecurity risks using the existing Part 500 framework and build appropriate controls to mitigate those risks. Additionally, the guidance encourages companies to explore AI’s potential to enhance cybersecurity measures, such as reviewing security logs, analyzing behaviors, detecting anomalies, and predicting possible threats. Organizations subject to Part 500—particularly those that have implemented AI extensively—are advised to carefully review the guidance and evaluate whether their current cybersecurity policies and controls may require updates.
In this post from Debevoise’s Data Strategy and Security blog, we highlight key takeaways from the guidance and offer practical considerations for companies assessing their cybersecurity protocols to address AI-related risks.
A. AI-Related Cybersecurity Risks
The NYDFS divides AI-related cybersecurity risks into two main categories: (1) risks posed by malicious actors leveraging AI, and (2) risks stemming from companies’ own use or reliance on AI…