New York State Department of Financial Services, Report on Cyber Security in the Banking Sector (May 2014) (full-text).
The New York State Department of Financial Services (the "Department") in 2013 conducted an industry survey on cyber security. A total of 154 institutions were asked to complete a questionnaire seeking information on each participant's cyber security program, costs, and future plans. The objective of the survey was to obtain a horizontal perspective of the financial services industry's efforts to prevent cyber crime, protect consumers and clients in the event of a breach, and ensure the safety and soundness of their organizations.
The survey asked questions about each participant's information security framework; corporate governance around cyber security; use and frequency of penetration testing and results; budget and costs associated with cyber security; the frequency, nature, cost of, and response to cyber security breaches; and future plans on cyber security.
In addition to the survey, the Department met with a cross-section of depository institutions and cyber security experts over the course of several months to discuss industry trends, concerns, and opportunities for improvement.
The findings described in this report represent responses of the survey participants as a whole or of specific sub-categories of participants (e.g., by asset size).