Banks, insurance companies, and other financial services institutions are top targets for online attackers. Your institution holds sensitive information about customers, and a breach could wreak havoc on real people and their lives, not to mention cost your organization its reputation. The risk is real. Consider these statistics:

  • 71% of all data breaches are financially motivated. (Verizon)
  • The cost of cyberattacks in the banking industry reached $18.3 million annually per company. (Accenture)
  • The United States suffered 1,473 cyberattacks over the last year, leading to 164.6 million successful data breaches. (Statista)
  • 8 out of 10 US citizens fear that businesses are not able to secure their financial information. (AICPA) 

That’s why cybersecurity compliance is such an important topic. Consumers trust that their financial services institutions are doing everything they can to prevent attacks and protect personal data — but without state or federally mandated compliance measures in place, no one really knows for sure. And when it comes to people’s money and livelihood, faith and trust only go so far.

State Regulations Requirements

States like New York have instituted the NYDFS Cybersecurity Regulation — a new set of regulations from the NY Department of Financial Services (NYDFS) that places cybersecurity requirements on all covered financial services. This means any registered entity providing financial services, including insurance companies, banks, and other financial services institutions, is responsible for creating a program that establishes risk-based controls to protect the integrity, confidentiality, and accessibility of information stored, processed, or transferred.

If you operate in a state like NY that mandates cybersecurity regulation, you need to be in compliance. Are you ready?

How to Prepare for Cybersecurity Compliance

The NYDFS Cybersecurity Regulation imposes strict rules for covered organizations, including: 

  • Establishing a detailed cybersecurity plan that includes an audit trail of activities; written documentation of procedures, standards, and guidelines for both in-house and third-party applications; and robust encryption and security control measures
  • Designating a Chief Information Security Officer
  • Enacting a comprehensive cybersecurity policy
  • Maintaining an online cybersecurity reporting system that identifies all internal and external threats

We Can Help 

If you need help understanding how to prepare for when NY checks your company’s compliance, Lou Penn & Associates, Inc. and our Market Conduct Auditor web-based software can help. Contact us for a free template for the New York DOI market conduct examinations and see if you’re in compliance. Or give us a call at 1-866-458-4333 to learn more about how we can help you with your compliance needs.