Starting Monday, banking and insurance companies will have to comply with groundbreaking regulations established by the state Department of Financial Services aimed at deterring cyberattacks, and begin reporting any such attacks to the department.

“Monday [Aug. 28] marks a significant milestone in protecting the financial services industry and the consumers they serve from the threat of cyberattacks,” said DFS Superintendent Maria Vullo in a statement. The new rules, billed as first in the nation, set minimum standards for cybersecurity based on the risk assessment of the entity, personnel, training and controls in place in order to protect data and information systems from hacking and data breaches, she said.

The rules established in March (NYLJ March 2), which were tweaked after public comment from industry officials, require banks and insurance companies regulated by the Department of Financial Services to have state-approved plans to deter cyberattacks and report any attacks within 72 hours of when they occur. But there's still debate as to whether the regulations are too restrictive.