By: (Debevoise & Plimpton Data Blog)
On October 16, 2024, the New York Department of Financial Services (NYDFS) released an Industry Letter offering guidance on how to assess cybersecurity risks linked to the use of artificial intelligence (AI) within the existing framework of 23 NYCRR Part 500 (referred to as the Cybersecurity Regulation or Part 500). Although the guidance specifically targets entities governed by Part 500—such as those licensed under New York’s Banking, Insurance, or Financial Services Laws—it also provides valuable insights for all businesses on managing AI-related cybersecurity risks.
Importantly, the NYDFS clarifies that the guidance does not introduce new requirements beyond what is already mandated under the Cybersecurity Regulation. Instead, it aims to help covered entities navigate how to address AI-related cybersecurity risks using the existing Part 500 framework and build appropriate controls to mitigate those risks. Additionally, the guidance encourages companies to explore AI’s potential to enhance cybersecurity measures, such as reviewing security logs, analyzing behaviors, detecting anomalies, and predicting possible threats. Organizations subject to Part 500—particularly those that have implemented AI extensively—are advised to carefully review the guidance and evaluate whether their current cybersecurity policies and controls may require updates.
In this post from Debevoise’s Data Strategy and Security blog, we highlight key takeaways from the guidance and offer practical considerations for companies assessing their cybersecurity protocols to address AI-related risks.
A. AI-Related Cybersecurity Risks
The NYDFS divides AI-related cybersecurity risks into two main categories: (1) risks posed by malicious actors leveraging AI, and (2) risks stemming from companies’ own use or reliance on AI…
Featured News
Federal Judge Allows Antitrust Case Against Claritev and Health Insurers to Move Forward
Jun 5, 2025 by
CPI
Michael Jordan’s NASCAR Team Denied Charter Bid After Appeals Court Ruling
Jun 5, 2025 by
CPI
European Commission Unveils Strategy To Position EU As Leader of Digital Global Order
Jun 5, 2025 by
CPI
Delivery Giants Settle with New York City Over Wage and Fee Cap Disputes
Jun 5, 2025 by
CPI
Former DOJ Antitrust Leader Launches Bid for Colorado Attorney General
Jun 5, 2025 by
CPI
Antitrust Mix by CPI
Antitrust Chronicle® – Industrial Policy
May 21, 2025 by
CPI
Industrial Strategy and the Role of Competition – Taking a Business Lens
May 21, 2025 by
Marcus Bokkerink
Industrial Policy, Antitrust, and Economic Growth: Some Observations
May 21, 2025 by
David S. Evans
Bolder by Design: Crafting Pro-Competitive Industrial Policies For Complex Challenges
May 21, 2025 by
Antonio Capobianco & Beatriz Marques
Competition-Friendly Industrial Policy
May 21, 2025 by
Philippe Aghion, Mathias Dewatripont & Patrick Legros