New York State Department of Financial Services Urges Tighter Cybersecurity at Banks’ Outside Vendors: Report Assesses Banking Industry’s Progress in Addressing Cybersecurity Risks Posed by Third-Party Service Providers

Sullivan & Cromwell LLP - April 16, 2015

On April 9, the New York State Department of Financial Services (“DFS”) released findings arising out of its study of measures banking organizations use to address cybersecurity risks posed by their third-party service providers.  The April 9 report, which updates a May 2014 report, is based on a survey of vendor cybersecurity practices in place at 40 regulated banking organizations.  It highlights various cybersecurity measures that banking organizations may want to consider implementing.  The DFS said that its findings demonstrate a “need to tighten cybersecurity at banks’ third-party vendors” and that, in the coming weeks, the DFS expects to move forward on regulations strengthening cybersecurity standards for banks’ third-party vendors.  The DFS also said that it was conducting an analogous review of vendor cybersecurity practices at the insurance companies it regulates and expects to put in place heightened cybersecurity standards there as well.