Given the lack of a comprehensive federal legislative cybersecurity regulation, states are stepping in to fill that void, particularly state regulators of financial institutions and service providers. This year both the New York Department of Financial Services and the Colorado Division of Securities have enacted substantive regulations forcing firms they cover to jump into action to ensure compliance, and firms anticipate that a number of other states will follow. “States are taking the lead. There’s no doubt about it,” David Stauss, a Denver-based Ballard Spahr partner, told the Cybersecurity Law Report. Despite different approaches, the New York and Colorado state regulations “should reach the same result, which is to enhance cybersecurity practices for the covered entities,” he said. For more on New York’s regulations, see “What Covered Financial Entities Need to Know About New York’s New Cybersecurity Regulations” (Mar. 8, 2017); “Are New York’s Cyber Regulations a “Game Changer” for Hedge Fund Managers?” (Jun. 14, 2017).