regulation

New York's cybersecurity regulation for financial services requires covered entities to maintain comprehensive security programs including CISO designation, MFA, encryption, and incident reporting. The 2023 amendments are fully effective as of November 2025.

The Securities and Exchange Commission files charges against a publicly traded firm for materially understating the scope and impact of a 2025 data breach, signaling aggressive enforcement of cyber disclosure rules adopted in December 2023.