A Study on Cybersecurity Regulation for Financial Sector: Policy Suggestion based on New York’s Cybersecurity Regulation(23 NYCRR 500)

In March 2017, the State of New York became the first state to implement regulation specific to cybersecurity for financial institutions. Unlike previous regulations regarding information security, it has set a minimum requirements to establish cybersecurity program based on risk assessment results, protect Nonpublic Information, designate of CISO, and report to regulatory entity. This paper presents a need for a new cybersecurity policy in Korea by examining newly adopted cybersecurity regulation in the United States. Finally, the paper identify policy suggestions based on the United States’s approach as they have successfully implemented the program.