The New York Department of Financial Services (NYDFS) will delay the effective date of their proposed cybersecurity regulation until March 1, 2017. A new draft of the proposed regulation will be published on December 28, 2016, with an anticipated 30 day comment period. The original proposed regulation met with significant resistance, including reportedly more than 150 comment letters. Many of the comments identified the proposed regulation as highly prescriptive and lacking of allowance for Covered Entities to make risk-based decisions on certain important technology matters. Additionally, a number of comments requested the ability to distinguish between small and large Covered Entities in structuring cybersecurity programs based on size and risk. A number of the comments also expressed concern that inconsistencies with federal and other state regulations, which are anticipated in the future, would make compliance highly complicated. Nevertheless, a number of comments expressed agreement with the Department’s goal of improving cybersecurity programs overall. If the original 180 days for Covered Entities to come into compliance with the regulation is maintained, August 28, 2017, will be a crucial date. It is not known whether the Department will extend the January 15, 2018, date for Certification of compliance with the regulation.