Law360, New York (March 20, 2017, 1:23 PM EDT) -- Designed for banks, insurance companies and other financial institutions, New York state's regulations, effective as of March 1, 2017, adopted sweeping new requirements for cybersecurity programs. The regulations established a broad footprint, not only in terms of the obligations imposed, but in the scope of organizations covered. In response to public criticism, the New York State Department of Financial Services revised the regulations somewhat, principally by tying certain elements of the mandated cybersecurity program to a risk assessment by each covered entity. Nonetheless, the regulations remain far more prescriptive than preceding regulatory schemes, including the security requirements of the Health Insurance Portability and Accountability Act that have long applied to the health care sector.[1] As a result, the cybersecurity regulations can be expected to have wide impact outside the arena of financial institutions in New York state....