The NYDFS Part 500 Cybersecurity Audit Requirement 2 min read Executive summaryAs cyber threats grow ever more sophisticated and relentless, New York’s financial institutions face heightened regulatory expectations under NYDFS Part 500—anchored by a rigorous cybersecurity audit requirement for large entities. This mandate is not just about compliance; it’s an opportunity to strengthen resilience and build lasting trust in an increasingly digital financial ecosystem. NYDFS Part 500 is a requirement that was introduced in a 2023 amendment to the New York Department of Financial Services (NYDFS) 23 NYCRR Part 500 (“Part 500”) regulation, originally enacted in 2017. The regulation was enacted in response to the increasing frequency and sophistication of cyber threats targeting the financial sector, and seeks to protect sensitive customer information and ensure the resilience of financial institutions. A critical element of this regulatory framework is the annual cybersecurity audit requirement.Read the full paper Topics Cybersecurity and Privacy Internal Audit and Corporate Governance Risk Management and Regulatory Compliance Industries Banking and Capital Markets Asset and Wealth Management Leadership Thomas Luick Tom is a Managing Director with more than 24 years of experience helping clients in the financial services industry solve technology, compliance, and risk management challenges. In addition to leading our Technology Consulting practice for the insurance industry ... Learn More David Lehmann Experienced executive with demonstrated success in building teams and serving as a trusted advisor to clients in a range of industries. Areas of expertise include technology risk, internal audit, IT audit, cybersecurity, ICFR/SOX, GRC technology, risk assessment, and IT ... Learn More
