The New York State Department of Financial Services (NYDFS) has been a leader in setting cybersecurity standards for the financial services industry, as its 2017 cybersecurity regulation was the first of its kind. In 2019, to strengthen its focus on cybersecurity, the NYDFS created a Cybersecurity Division (Cyber Division) and named Justin Shibayama Herring, a former Chief of the Cyber Crimes Unit of U.S. Attorney’s Office of New Jersey, as Executive Deputy Superintendent to oversee it. At a recent Davis Polk program, partner Robert A. Cohen, former chief of the SEC’s Cyber Unit, interviewed Herring, delving into the Cyber Division’s examination and enforcement focus, including lessons from recent cases; navigating the panoply of cyber regulations and incident reporting challenges; and best practices when adopting affiliates’ cybersecurity programs. This article distills Herring’s insights. For more on cybersecurity issues, see “Key Considerations for Fund Managers When Selecting and Negotiating With a Cloud Service Provider” (Mar. 16, 2021); and “Vulnerable Fund Managers Are Targets of Cultural Engineering Cyber Attacks: How Can Your Firm Avoid Being Next?” (Sep. 1, 2020).