According to a new report by the state’s top financial regulator – Benjamin M. Lawsky, New York’s superintendent of financial services – Wall Street still has a ways to go when it comes to the oversight of cybersecurity measures at outside firms with which it does business.
The results of a survey Lawsky’s office began in October have been published and indicate that of 40 banks checked, only about a third require their outside vendors to notify them in the event of a breach of their networks. The findings also indicated that less than half of the banks interviewed by the superintendent’s office conduct on-site inspections of their vendors regularly – even vendors such as data providers, check-processing firms, accounting firms and law firms – all of which can have access to sensitive banking data and networks. Only about half of all banks surveyed required any sort of warranty on their partners’ products in relationship to their security.
“I don’t cast aspersions on any institutions because the cyberthreat has evolved so quickly,” Mr. Lawsky said in a New York Times interview discussing the survey results. “Things are in a great state of flux in terms of the institutions and for regulators, too, but all of these things need to be tightened up in a very serious way.”
Proposals detailing how banks can better manage security are currently under construction. Mr Lawksy’s is one of many financial regulators nationwide who have seen their focus on banking security increase exponentially over the last year. The Times reports that efforts to ensure that not only banks but the outside firms they use are adequately protected from cybercriminals has increased five-fold in the last year alone.
New York’s Wall Street survey also found that the United State trails Europe when it comes to adding some key protections for information that is shared with third-party firms.
“The fight against cyberterrorism and cybercrime is one that is not going away,” Mr. Lawsky said. “We need to start that fight with certain basic hygiene tests and that involves tightening your security with vendors and tightening your security with multifactor authentication.”
We’re always on the lookout for opportunities to partner with innovators and disruptors.
Learn More