Given the state of security
I would be surprised if a fraction of financial institutions are in compliance. Down here in Georgia we have the collapse of Equifax as a prime example of game gone bad. I work for a firm that DOES have a malware forensics department and a damn good one it is too. Quite rare. So - NYState? Given the total mess that Albany is, I see nothing really changing at all - only getting worse.