ARTICLE
18 April 2015

Cyber Security Regulations Ahead Says New York State’s Dept. of Financial Services

PR
Proskauer Rose LLP

Contributor

The world’s leading organizations and global players choose Proskauer to represent them when they need it the most. Our top tier team of star trial attorneys, acclaimed transactional lawyers and exceptionally talented partners and associates have earned a reputation for the relentless pursuit of perfection and a dauntless pursuit of success.
Based on a report released last week about cyber security vulnerabilities faced by financial institutions, New York State Department of Financial Services ("NYDFS") Superintendent Benjamin Lawsky signaled that the agency will soon move forward with cyber security regulations.
United States Finance and Banking

Based on a report released last week about cyber security vulnerabilities faced by financial institutions, New York State Department of Financial Services ("NYDFS") Superintendent Benjamin Lawsky signaled that the agency will soon move forward with cyber security regulations.  The report concluded that banks' third-party vendors have significant potential cyber security vulnerabilities.  Superintendent Lawsky said that the regulations will strengthen cyber security standards for banks' third-party vendors, including potential measures related to cyber security representations and warranties that banks receive from their vendors.

The NYDFS report surveyed 40 covered entities and identified what it described as a number of potentially significant security gaps.  Among other issues, the report found that:

  • Less than 50% of the institutions surveyed required any on-site assessments of vendor cybersecurity practices; only 46% required these evaluations to be conducted before a vendor was retained; and only 35% conducted periodic on-site inspection after the vendor was hired.
  • Over 20% of surveyed banks did not ask vendors to warrant that they had adequate cybersecurity practices and procedures in place. Of the banks that called for such representations, only 36% required that the warranties also apply to subcontractors.
  • 44% of banks did not expect their vendors to guarantee that data and other products provided by them would be free of viruses and other cybersecurity issues.
  • 30% of the surveyed organizations did not require vendors to notify them of cybersecurity breaches.

The agency also stated that it would be surveying a group of regulated insurers for similar issues concerning the cybersecurity of third-party vendors.

For more information, the full statement can be found here and the report can be accessed here.

MACRA Signed Into Law By President; Reforms Medicare Payment Policy For Physician Services

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

Mondaq uses cookies on this website. By using our website you agree to our use of cookies as set out in our Privacy Policy.

Learn More