The two-year transitional period for the New York State Department of Financial Services’ Cybersecurity Regulation has ended and the last rolling requirement regarding third-party management is now in effect. Among other things, that provision, Section 500.11, effective March 1, 2019, requires the adoption of processes that address the identification and risk assessment of third parties and the minimum cybersecurity practices they must meet. The Cybersecurity Law Report spoke with Mike Stiglianese, technology and cybersecurity managing director for the financial services industry at BDO, about the third-party requirements, dealing with vendors, the enforcement climate, and the potential far-reaching effects of the law. See “The Hidden Requirements in NYDFS’ Cybersecurity Regulation” (Oct. 24, 2018) and our webinar, “Tackling the NYDFS Cybersecurity Regulation’s Ongoing Challenges” (Dec. 6, 2018).