March 7 – New York State has passed the nation’s first cybersecurity regulations designed to protect consumers and safeguard the security of the state’s financial services industry. While New York is the first to pursue such an initiative, financial institutions across the nation should expect similar regulations to take hold as cyber attacks continue to rise, both in number and intensity. DefenseStorm urges financial institutions to take a more proactive approach to cybersecurity now, to stay steps ahead not only of bad actors but also of the regulations that are surely around the corner for other states.
The new regulations took effect March 1, 2017 and require financial institutions that are regulated by the New York State Department of Financial Services (DFS) to annually prepare and submit a certification of compliance with the New York DFS cybersecurity regulations. There are several guidelines that institutions must adhere to, including:
- Draft a written cybersecurity policy;
- Appoint a Chief Information Security Officer;
- Implement an audit trail system;
- Review access privileges;
- Require multi-factor authentication and cybersecurity awareness training; and
- Maintain data related to cybersecurity events for three years
Financial institutions have 180 days to comply with the new regulations.
“New York’s cybersecurity regulations will likely have a domino effect on the rest of the nation, as other states will soon follow suit with their own cybersecurity policies,” said Sean Feeney, CEO of DefenseStorm. “With the rise in high-profile security breaches, it is only a matter of time before widespread regulations like these are enacted. Financial institutions should act now and take steps toward enforcing a solid cybersecurity program. Whether you’re a large, national financial institution or a smaller community bank, cybersecurity must be a top priority. DefenseStorm has proven to significantly strengthen institutions’ cybersecurity initiatives and can reduce the time it takes to prepare for a cybersecurity exam by over 50 percent.”
The economic cost of being hacked is substantial. According to the Ponemon Institute’s 2016 Cost of a Data Breach Study, the total average organizational cost of a data breach is $7.01 million and the average cost per record breached is $221 – and those numbers continue to rise. Moreover, the cost of legal proceedings against perpetrators averages $500,000, fines imposed by federal authorities can range from $5,000 to $100,000, credit monitoring costs for affected customers average $10-$30 per customer, and the cost of third-party forensic examination can be as high as $2,000 per hour. In addition to these costs, financial institutions also face reputational risks. The financial and reputational costs of a data breach, combined with the implementation of new cybersecurity regulations, mean that the need for effective cybersecurity is at an all-time high.
DefenseStorm is a security data platform that watches everything on your network and matches it to your policies, providing cybersecurity management that is safe, compliant and cost effective. Built from the ground up in the cloud, DefenseStorm unifies detection, investigation, reporting and compliance into a single place to manage cybersecurity data. Formed by bankers and technology experts, DefenseStorm aggregates event data across all cybersecurity tools and links policies to real-time alerts, so that financial institutions can prove to regulators they are both secure and compliant with evolving FFIEC cybersecurity requirements. For more information please visit http://www.DefenseStorm.com.