Banks chartered in New York will now have to undergo regular assessments of how prepared they are for cyber threats like malware, botnets and denial of service attacks.
The new rule comes after the Department of Financial Services released a report Tuesday that found most banks in the state have seen intrusions or attempted intrusions by hackers in the last three years.
"It's frequent. It's increasing in sophistication, and those attacks are proliferating," said DFS Superintendent Benjamin Lawsky. "These aren't isolated events."
In the survey, banks told the state that account takeovers, identity theft and telecommunication disruptions were the top three types of cyber attacks they have faced.
Roughly four out of five banks reported that they have increased their cyber security budgets over the past three years. About the same number said they plan to spend even more in the future.