New York Department of Financial Services Guidance on AI-Related Cybersecurity Risks
On October 16, 2024, the New York Department of Financial Services (“NYDFS”) issued guidance (“Guidance”) concerning cybersecurity risks that arise in response to the advancements in artificial intelligence (“AI”). AI technology has, in many cases, positively impacted cybersecurity and businesses, improving the ability of entities – including those regulated by DFS (referred to herein as “Covered Entities”) – to prevent cyberattacks, enhance threat detection, and improve incident response strategies. However, AI has also opened the door to a myriad of opportunities for cybercriminals to infiltrate secure information systems containing Nonpublic Information (“NPI”).
The Department has received inquiries about how AI is changing cyber risk and how Covered Entities can mitigate risks associated with AI. The Guidance is intended to be a tool to assist Covered Entities in understanding and assessing cybersecurity risks associated with the use of AI and the controls that may be used to mitigate those risks.
The Guidance does not impose any new requirements beyond those in NYDFS’s cybersecurity regulation codified at 23 NYCRR Part 500 (the “Cybersecurity Regulation”); it is meant to explain how Covered Entities should use the framework set forth in the Cybersecurity Regulation to assess and mitigate cyber risks associated with AI.
While there are many risks related to the use of AI, there are certain threats that are specific to cybersecurity. The Guidance highlights some of the more concerning threats identified by cybersecurity experts, but it is not exhaustive.
One of the most important requirements for combatting AI-related risks is to maintain Third-Party Service Provider (‘TPSP”) policies and procedures that include guidelines for conducting due diligence before a Covered Entity uses a TPSP that will access its Information Systems and/or NPI.
Implementing robust access controls is another defensive measure used to combat the threat of deepfakes and other forms of AI-enhanced social engineering attacks, and to prevent threat actors from gaining unauthorized access to a Covered Entity’s Information Systems and the NPI maintained on them.
How Centri Can Help
At Centri, we understand the evolving landscape of cybersecurity risks, particularly with the advancements in AI. Our IT risk and cybersecurity advisory experts collaborate with your senior management to:
- Assess cybersecurity threats and vulnerabilities to your organization via a comprehensive risk-based approach.
- Align your internal controls with recognized industry frameworks.
- Provide valuable insight and actionable takeaways & implementation plans.
- Serve as trusted risk advisors, including developing roadmaps to address the cybersecurity challenges that are unique to your organization.
Contact us to learn more about how we can support your organization in managing AI-related cybersecurity risks and maintaining compliance with evolving regulations.
Partner | Artificial Intelligence & Cannabis Practice Leader | CPA
Kevin is a Partner at Centri Business Consulting, where he leads the firm’s Artificial Intelligence and Cannabis practice groups. Since joining Centri in December 2014, Kevin has specialized in supporting high-growth companies, particularly those in the AI, technology and cannabis industries, through critical stages of their business lifecycle.. View Kevin McLaughlin's Full Bio
Managing Director | IT Risk & Cybersecurity Practice Leader | CISA
Rich is a Managing Director at Centri Business Consulting and the leader of the firm’s IT Risk & Cybersecurity Practice. He has more than 14 years of combined experience in internal control consulting, IT risk, cybersecurity advisory, and risk-based internal audits and accounting. View Rich Sowalsky's Full Bio
Senior Director | Insurance Practice | CPA
John is a Senior Director at Centri Business Consulting within the firm’s Insurance Practice. He has over 38 years of public accounting and management consulting experience serving both public and non-public clients within the Financial Services and Insurance sectors. View John Swanick's Full Bio
Managing Director | Insurance Practice Leader | CPA
Joe is a Managing Director at Centri Business Consulting and the leader of the firm’s Insurance Practice. He has over 30 years of global leadership experience performing and leading complex regulatory compliance, risk, internal audit, and controls engagements for large multinational companies. View Joe Hayes's Full Bio
Senior Manager | CPA
Doug is a Senior Manager at Centri Business Consulting. He has more than 15 years of experience in professional services supporting startups to Fortune 50 companies. He joined Centri in July 2024 and assists insurance clients with risk advisory services, technical accounting advisory, outsourced accounting, and financial transformation services.. . View Doug Borell's Full Bio
About Centri Business Consulting, LLC
Centri Business Consulting provides the highest quality advisory consulting services to its clients by being reliable and responsive to their needs. Centri provides companies with the expertise they need to meet their reporting demands. Centri specializes in financial reporting, internal controls, technical accounting research, valuation, mergers & acquisitions, and tax, CFO and HR advisory services for companies of various sizes and industries. From complex technical accounting transactions to monthly financial reporting, our professionals can offer any organization the specialized expertise and multilayered skillsets to ensure the project is completed timely and accurately.
Eight Penn Center
1628 John F Kennedy Boulevard
Suite 500
Philadelphia, PA 19103
530 Seventh Avenue
Suite 2201
New York, NY 10018
4509 Creedmoor Rd
Suite 206
Raleigh, NC 27612
615 Channelside Drive
Suite 207
Tampa, FL 33602
1175 Peachtree St. NE
Suite 1000
Atlanta, GA 30361
50 Milk St.
18th Floor
Boston, MA 02109
1775 Tysons Blvd
Suite 4131
McLean, VA 22102
One Tabor Center
1200 17th St.
Floor 26
Denver, CO 80202
1-855-CENTRI1
virtual@CentriConsulting.com