The New York State Department of Financial Services (DFS) has released new guidelines to strengthen cybersecurity measures against threats posed by artificial intelligence (AI). Superintendent Adrienne A. Harris stressed that AI can enhance threat detection and incident response, but also creates opportunities for cybercriminals.
The guidelines build on the DFS’s cybersecurity regulation (23 NYCRR Part 500) and recent initiatives to prevent AI discrimination by insurers. They aim to protect New Yorkers and DFS-licensed entities from evolving cybersecurity dangers. “AI has improved the ability for businesses to enhance threat detection and incident response strategies, while concurrently creating new opportunities for cybercriminals to commit crimes at greater scale and speed,” Superintendent Harris said.
The directive requires DFS-regulated institutions to assess AI-related cybersecurity risks comprehensively. This includes threats like social engineering, advanced cyber-attacks, theft of non-public information, and vulnerabilities from supply chain dependencies. The guidance recommends a risk-based approach to help financial institutions understand, assess, and mitigate these specific risks.
New DFS AI cybersecurity measures
Importantly, the guidelines advocate for a multilayered security protocol with overlapping protections. This ensures continuity of protection even if one security measure fails, minimizing the impact of a cyber attack.
The new guidance does not introduce additional obligations. Instead, it assists regulated entities in meeting their existing responsibilities under DFS’s cybersecurity regulation, considering the emerging threats posed by AI technologies. DFS-regulated institutions must assess and address their cybersecurity risks, including those evolving from AI.
The guidance employs a risk-based approach to help the financial services sector better understand, assess, and mitigate AI-specific cybersecurity risks. The cybersecurity measures outlined provide multiple layers of security controls with overlapping protections. If one control fails, other controls prevent or mitigate the impact of a cybersecurity attack.
A copy of the guidance and additional cybersecurity resources can be found on the Department’s website.
Noah Nguyen is a multi-talented developer who brings a unique perspective to his craft. Initially a creative writing professor, he turned to Dev work for the ability to work remotely. He now lives in Seattle, spending time hiking and drinking craft beer with his fiancee.
