Cybersecurity Regulations Issued for Banks in New York State
As cyber threats become more common for a variety of industries, it makes sense that regulations and laws may become standard in an effort to safeguard against possible attacks. Industries from power to transportation to communications and beyond are all potential targets whose vulnerabilities would clearly cause issues for the public at large. Banks are another component of our nation's critical infrastructure, that must be safeguarded against cyber threats. With this in mind, long-awaited cybersecurity regulation proposals were announced in late September for the banking industry in the state of New York. The goal of much of this is to place cyber threat intelligence sources into more organized systems, with the hope of both communicating about developing cyber-attacks more readily, as well as maintaining a watch over key corporate infrastructure to ensure they are taking online security seriously.
Spearheaded by Governor Andrew Cuomo, the New York regulations announced are state specific, but they could establish themselves as standards by which other states look to mold similar rules. Affecting banks and insurance companies, the proposed regulations would set into place requirements for companies to have departments devoted specifically to monitoring cybersecurity. Under the authority of the New York State Department of Financial Services (NYDFS), obligations may be placed on institutions to report consistently on the state of the security systems and platforms in place.
This all comes on the backdrop of two headline grabbing incidents regarding cybersecurity within the banking industry. In one, the NYDFS released a report in 2015 that showed that a full one-third of forty banks surveyed did not require their vendors to report to them on any and all potential data breaches. And in another, U.S. prosecutors charged three men with a large scale cyberattack directed at JPMorgan Chase & Co. that resulted in hundreds of millions of dollars in damages.
Among the regulations proposed by the NYDFS, two stood out: institutions would have to test cybersecurity systems with semi-annual reports available for the review by the NYDFS, and companies would be under mandatory rules to employ a chief information officer to oversee a security based program. Regulators with the state unveiled preliminary concepts for such guidelines as far back as 2014 and have worked with banks to try and bring security up to a standard level at a gradual pace while not being overly cumbersome.
This is all in an effort to bring everyone to the table when it comes to cybersecurity, with the state working hand-in-hand with corporations to ensure systems with critical public data are secure. Platforms based on this type of cooperation will be in great demand, and systems that can broadly and efficiently aggregate the data from network security devices for a single ground truth on cyber threat intelligence will be at a premium. NC4 Mission Center CTX is exactly this type of product. For more information on our services and platforms contact us at 877-624-3771, or feel free to e-mail us anytime for more information at
Thanks for contacting NC4! A member of our team will be in touch with you shortly.