On Wednesday, December 10, 2014, financial industry regulatory and enforcement agencies issued statements that their organizations will increase scrutiny of financial industry cybersecurity practices going forward.
In New York, the State’s Department of Financial Services Superintendent Benjamin Lawsky issued new guidelines to banks, detailing how their cybersecurity practices would be evaluated. The memorandum—sent to all New York chartered or licensed banking institutions—noted that the Department would take a close look at banks’ data breach detection abilities, cybersecurity corporate governance practices, resources devoted to information security, defenses against cyberattacks, management of third-party service providers, and cybersecurity insurance coverage, among other things.
The memorandum further noted that, prior to conducting an examination, the Department intends to request information on 12 information technology- and cybersecurity-related issues, including the qualifications and responsibilities of banks’ Chief Information Security Officers, information security policies, due diligence processes, and software development standards.
Continue Reading Financial Industry Regulators Increase Data Security Oversight