Editor’s Note: The New York State Department of Financial Services report, “Update on Cyber Security in the Banking Sector: Third Party Service Providers,” is attached here.
From: Association of Corporate Counsel
Jonathan G. Cedarbaum, Reginald J. Brown, Benjamin A. Powell, Jason C. Chipman and Marik A. String | Wilmer Cutler Pickering Hale and Dorr LLP
On April 9, the New York State Department of Financial Services (NYDFS) released a report on bank vendor cybersecurity that highlights the risk that hackers will use third-party service providers to gain access to bank data. The report, entitled Update on Cyber Security in the Banking Sector: Third Party Service Providers,1 is based on responses to an October 2014 NYDFS information request to 40 regulated financial institutions and is significant for at least two reasons. First, the report may be useful for benchmarking a company’s cybersecurity practices against similarly situated businesses. Second, the report may become the basis for NYDFS to promulgate new cyber regulations for third-party vendors-particularly with regard to the representations and warranties banks receive about cyber protections-in the coming weeks.2
The October 2014 NYDFS request had asked that institutions describe steps taken to comply with the third-party stakeholder provisions of the Framework for Improving Critical Infrastructure Cybersecurity issued by the US Commerce Department’s National Institute of Standards and Technology (NIST).3 Third-party providers include check and payment processing firms, trading and settlement operations firms, data processing firms and many others, which often have access to banking institutions’ information technology systems.
Key findings from the report include:
Leave a Reply