New York State Department of Financial Services Publishes Survey Results on Banking Industry Third-Party Service Providers and Cybersecurity

Kathleen Porter
Robinson & Cole LLP
Contact
LinkedIn
Facebook
X
Send
Embed

The New York State Department of Financial Services (NYDFS) recently published the results of its cybersecurity survey of more than 150 regulated small, medium, and large banking organizations. The survey asked for information the bank’s use and management of third-party service vendors with access to sensitive information. In particular, the survey asked banks whether they conducted initial or periodic due diligence assessments of third-party vendors, and what measures vendors took to safeguard sensitive information and/or to protect against loss due to security incidents. Less than half of the banks surveyed required due diligence assessments of potential third-party vendors prior to a contract. About one-third conducted periodic assessments during the term of the vendor’s contract. A third of the respondents did not require the vendor to notify them in the event of a security incident or breach.

NYDFS announced it will use the results to help it develop and adopt threshold cybersecurity standards for regulated banking organizations and their vendors. The anticipated standards will likely include due diligence, suggested or mandated vendor cybersecurity representations and warranties as well as a reporting mandate on security incidents.

Regulators, including NYDFS, continue to focus on requiring minimum cybersecurity standards to be in place when companies provide third-party vendors access to their IT systems and sensitive data. These minimum standards target identified areas of risk and are intended to reduce the number and severity of a cybersecurity incident. The particular focus on third party vendors reflects the recognition that a number of recent large scale breaches, such as those  suffered Target and Home Depot,  occurred in whole or part because credentials of a third-party vendor were apparently stolen.

NYDFS’ survey results are available in the report “Update on Cyber Security in the Banking Sector: Third Party Service Providers,” which updates its 2014 “Report on Cybersecurity in the Banking Sector” that emphasized bank’s widespread reliance on third party vendors for important banking functions, such as trading and settlement operations, check and payment processing.

NYDFS is the principal regulator for state-licensed and state-chartered financial entities and other financial institutions operating in the State of New York, as well as insurance companies.

[View source.]

Send Print Report

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Robinson & Cole LLP | Attorney Advertising

Written by:

Robinson & Cole LLP
Robinson & Cole LLP
Contact
more
less

PUBLISH YOUR CONTENT ON JD SUPRA NOW

  • Increased visibility
  • Actionable analytics
  • Ongoing guidance

Robinson & Cole LLP on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign Up Log in
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide