NYDFS 500 Cybersecurity Alert

On March 10th, 2020, the New York Department of Financial Services issued a letter to industries requesting necessary preparedness plans be submitted by April 9, 2020. Third Rock can help you with the burden of meeting NYDFS 500 compliance.
Contact us today.

The financial industry is under siege from cyber crime. NYDFS is leading the way with stricter cybersecurity regulations to address the increasing number of cyber attacks on the financial industry. The NYDFS Cybersecurity Regulation (23 NYCRR 500) establishes cybersecurity requirements for financial services companies.

The NYDFS has supervisory power over banks, insurance companies, and other financial service companies. More specifically, they are: 

  • Credit Unions
  • Health Insurers
  • Investment Companies
  • Licensed Lenders
  • Private Bankers
  • Offices of Foreign Banks
  • Commercial Banks
  • Life Insurance Companies
  • Mortgage Brokers
  • Savings and Loans Associations

No Action Can Be Costly

Almost every covered entity is required to file a Certificate of Compliance with NYDFS by June 1, 2020.

NYDFS regulations can mean potential financial penalties equaling up to $500,000 in less than a week.

For example, these potentially hefty fines can add up quickly:

  • $2,500 per day during which a violation continues
  • $15,000 per day in the event of any reckless or unsound practices or pattern of misconduct
  • $75,000 per day in the event of a knowing and willful violation

Being NYDFS exempt does NOT mean you are EXCUSED

NYDFS made provisions for certain covered entities to be exempt from having to meet certain 23 NYDFS 500 cybersecurity regulations. For more information about NYDFS exemption status click here.

Many entities with exemption status may not know they are still required to complete a risk assessment, revise policies and procedures, publish a Third Party Provider Security Policy, and document a cybersecurity program to avoid possible fines and penalties.

Third Rock has taken the confusion, frustration and labor-intensive requirements for NYDFS compliance and made it simple, easy and affordable.

Utilizing Third Rock’s automated compliance software, CyberCompass™, you get a fast, effective and efficient solution to protect your business, clients and compliance by the June 1, 2020 deadline. We have solutions for EXEMPT and NON-EXEMPT entities.

Third Rock offers CyberCompass™ automated compliance software with built-in expertise that translates NYDFS government requirements into layman’s terms. It does most of the heavy lifting with the analysis and compliance documentation to streamline NYDFS compliance workflow so you can meet the June 1, 2020 deadline.

It is cloud-based, so it can be accessed anywhere with no software download. You don’t have to be a NYDFS or cybersecurity expert to use CyberCompass™.

Our automation can save your firm over 400 hours in twelve months on becoming and staying compliant.

  • Answer one set of simple yes/no questions that meets NYDFS & CIS-20
  • Flexibility to start and stop – CyberCompass™ saves your progress
  • Compliance gap report to gain visibility into your non-compliance
  • Built in step-by-step guide to fix issues and get compliant quickly
  • CyberCompass™ online vault to save your “body of evidence” in one place
  • Monitor your compliance for 12 months with dashboards and reporting

See our NYDFS and CyberCompass™ Frequently Asked Questions to learn more.




CyberCompass Features

Know your vulnerabilities

Guided Risk Assessment with virtual Chief Compliance Officer and virtual Chief Information Security Officer 

Penetration Testing - up to 10 public facing IP addresses 1 time a year

Network Vulnerability and Compliance Scans - 1 network for up to 225 devices 2 times a year

Build Resilience with Automation

Policies and Procedures - Full set created to meet NYDFS requirements

Risk Management Plan

Cybersecurity Plan

Incident Response Plan

Business Continuity / Disaster Recovery Plan

Breach Notification Plan

Stay Vigilant

SDLC Plan for application development

Third Party NYDFS Compliance Tracking

Audit Trail / Body of Evidence

Cyber Awareness Employee Training 

12 months access to CyberCompass software to monitor cyber risk

NYDFS Certification of Compliance - ready to file



billed yearly

8 hours of our guided expertise via online meeting and phone

25 seats



billed yearly

12 hours of our guided expertise via online meeting and phone

100 seats

Professional Solutions


Contact for pricing

Virtual officer services meet NYDFS on-staff CISO requirements

Rapid Response Services

Remediation Assistance

Rapid Remediation Services

Custom Policies and Procedures

Virtual Compliance Officer

Cybersecurity scans and rapid repair

Self-Assessment Assistance

We have affordable pricing to get you compliant quickly
