September 22, 2019

September 20, 2019

Subscribe to Latest Legal News and Analysis

Cyber Security Regulations Ahead Says New York State’s Dept. of Financial Services

Based on a report released last week about cyber security vulnerabilities faced by financial institutions, New York State Department of Financial Services (“NYDFS”) Superintendent Benjamin Lawsky signaled that the agency will soon move forward with cyber security regulations.  The report concluded that banks’ third-party vendors have significant potential cyber security vulnerabilities.  Superintendent Lawsky said that the regulations will strengthen cyber security standards for banks’ third-party vendors, including potential measures related to cyber security representations and warranties that banks receive from their vendors.

The NYDFS report surveyed 40 covered entities and identified what it described as a number of potentially significant security gaps.  Among other issues, the report found that:

  • Less than 50% of the institutions surveyed required any on-site assessments of vendor cybersecurity practices; only 46% required these evaluations to be conducted before a vendor was retained; and only 35% conducted periodic on-site inspection after the vendor was hired.

  • Over 20% of surveyed banks did not ask vendors to warrant that they had adequate cybersecurity practices and procedures in place. Of the banks that called for such representations, only 36% required that the warranties also apply to subcontractors.

  • 44% of banks did not expect their vendors to guarantee that data and other products provided by them would be free of viruses and other cybersecurity issues.

  • 30% of the surveyed organizations did not require vendors to notify them of cybersecurity breaches.

The agency also stated that it would be surveying a group of regulated insurers for similar issues concerning the cybersecurity of third-party vendors.

For more information, the full statement can be found here and the report can be accessed here.

© 2019 Proskauer Rose LLP.


About this Author

Sigal P. Mandelker, White Collar Defense Attorney, Proskauer Law Firm

Sigal Mandelker is a Partner in the New York office. She is a member of the firm’s White Collar Defense & Investigations, Appellate, International Practice, and Privacy Groups. Sigal represents individual and corporate clients in connection with government investigations and prosecutions, including white collar criminal defense, the FCPA, anti-money laundering matters, SEC and related enforcement matters, internal investigations, public corruption, and cyber security. She has a broad range of experience in domestic and international enforcement matters, appellate litigation,...

Boris Zeldin, Litigation Attorney, Proskauer Law Firm

Boris Zeldin is an Associate in the Litigation Department, resident in the New York office.

Boris previously worked in the Special Federal Litigation Division of the New York City Law Department. While in law school, he interned for the Office of Staff Counsel of the U.S. Court of Appeals for the Second Circuit and the Commodity and Futures Trading Commission. He also also worked with, and later became President of the Brooklyn Law School chapter of the Unemployment Action Center.