Ad blocker interference detected!
Wikia is a free-to-use site that makes money from advertising. We have a modified experience for viewers using ad blockers
Wikia is not accessible if you’ve made further modifications. Remove the custom ad blocker rule(s) and the page will load as expected.
New York State Department of Financial Services, Update on Cyber Security in the Banking Sector: Third Party Service Providers (Apr. 2015) (full-text).
The New York State Department of Financial Services (NYSDFS) recently conducted a survey with 40 different banking organizations including many of the largest financial institutions — about the cyber security standards these organizations have in place for their third-party vendors. On April 9, 2015, the NYSDFS released this report that outlines significant potential cyber security vulnerabilities with financial institution's third-party vendors. The report highlights some key findings:
- 1 in 3 banks surveyed do not require their third-party vendors to notify them of cyber security breaches
- Less than half of the banks surveyed require on-site assessments and review of their third party vendors
- Approximately 1 in 5 banks surveyed does not require third-party vendors to represent that they have established minimum information security] requirements. Additionally, only one-third of the banks require those information security requirements to be extended to subcontractors of the third-party vendors (fourth parties)
- Approximately 1 in 5 banks surveyed do not require the right to audit their third party vendor
- Nearly half of the banks do not require a warranty of the integrity of the third-party vendor's data or products (e.g., that the data and products are free of viruses).
- Approximately 2 in 5 banks surveyed require encryption for their data at rest
- Less than half of the banks surveyed carry insurance for information security failures by third party vendors.