The New York State Department of Financial Services (NYDFS) Cybersecurity Regulation covers any organization regulated by that department. It requires organizations to follow a regular schedule of reporting and conducting risk assessments, among other requirements. NYDFS requires notification within 72 hours after an incident. Past settlements for cybersecurity-related violations include fines in the millions of dollars. Summary: NYDFS Cybersecurity Resource Center