Why Compliance Is No Longer King for Financial Services Cybersecurity

Dark Reading

Financial services companies' experience in risk management serves them well when it comes to minimizing their cyber-risk

Data Privacy Laws in Financial Services: NYDFS 500

Perficient Data & Analytics

In my post today I want to discuss data privacy laws, specifically involving New York State Department of Financial Services (NYDFS) 23 NYCRR 500. The New York State Department of Financial Services (NYDFS) 23 NYCRR 500 is a set of regulations that place cybersecurity requirements on all covered financial institutions. Service providers. There are few exemptions to the NYDFS cybersecurity regulation.


Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

New York Department of Financial Services Released New Guidance Addressing COVID-19 Related Cybersecurity Risks

HL Chronicle of Data Protection

Continuing its focus on COVID-19’s impact on its regulated entities, on April 13, the New York Department of Financial Services (NYDFS) released new cybersecurity guidance in response to the COVID-19 pandemic.

Summary – “Industry in One: Financial Services”

ARMA International

The scope of a records and information management (RIM) program in financial services can seem overwhelming. Compared to other industries, the complexities of managing records and information in financial services are arguably some of the toughest to solve, primarily because of the intense regulatory scrutiny. History of Financial System. financial system continues to evolve in response to changing regulations. Financial Services Industry Overview.

NYDFS 500 and GDPR in Financial Services – Actions to Take Now

Perficient Data & Analytics

The first step any financial institution must take in its response to the laws is to evaluate its exposure and current capabilities in protecting sensitive business and customer data. Firms should identify the gaps in their cybersecurity program, including areas that need immediate action and longer-term changes to support the program. Implement: Technical services are required to create/ update cybersecurity policies and procedures.

New York Department of Financial Services Issues First Guidance by a U.S. Regulator Concerning Cyber Insurance

Data Matters

On February 4, 2021, the New York Department of Financial Services (NYDFS) issued Circular Letter No. Lacewell stated that cybersecurity is the biggest risk for government and private organizations and described how the Framework is based on “extensive dialogue with industry and experts.”. Authorized property/casualty insurers should use a data-driven and comprehensive plan to assess gaps and vulnerabilities in the cybersecurity of their insureds and potential insureds.

DNS Cyber Attacks Costing Financial Services Companies $924,390


According to a report entitled The 2018 Global DNS Threat Report by EfficientIP, the financial services industry is the worst affected sector by domain name systems (DNS) attacks which are cyber attacks where attackers take advantage of network vulnerabilities to break into bank systems stealthily. According to the report, last year, a single financial sector attack cost each organization $588,200 to recover.

Historic Charges: First Enforcement Action Filed by New York Department of Financial Services Under Cybersecurity Regulation

Data Matters

On July 21, 2020, the New York State Department of Financial Services (NYDFS or the Department) issued a statement of charges and notice of hearing (the Statement) against First American Title Insurance Company (First American) for violations of the Department’s Cybersecurity Requirements for Financial Services Companies, 23 N.Y.C.R.R. Part 500 (Cybersecurity Regulation or Regulation). The NYDFS Cybersecurity Regulation.

Embracing new ways of working in financial services


Embracing new ways of working in financial services. In times of crisis, the preservation of key functions and services is critical, regardless of industry. Customer service. In a crisis like this, the financial welfare of many customers is seriously threatened.

NY Department of Financial Services Issues Guidance to Regulated Entities Regarding Cybersecurity During the COVID-19 Pandemic

Hunton Privacy

On April 13, 2020, the New York Department of Financial Services (“NYDFS”) issued guidance (“April guidance”) to all New York State entities covered under NYDFS’s cybersecurity regulation regarding assessing and addressing heightened cybersecurity risks due to the COVID-19 pandemic.

Financial Services Organizations Need to Adapt their Security Practices to the Shifting Environment

Thales Cloud Protection & Licensing

Financial Services Organizations Need to Adapt their Security Practices to the Shifting Environment. Even “traditional banks” seek to drive more revenue from digital products, personalized services and experiences.

Survey Finds Financial Services Fail to See Tech as a Disruptor


A survey by Vuealta found that fiancial services leaders are far more concerned about compliance and cybersecurity than the financial services startups they are in competition with. Financial Services News financial services fintech fintech startupsThis may be a mistake. Read more here.

NY Department of Financial Services Issues Reminder for Cybersecurity Filing Deadline

Hunton Privacy

On January 22, 2018, the New York Department of Financial Services (“NYDFS”) issued a press release reminding entities covered by its cybersecurity regulation that the first certification of compliance with the regulation is due on or prior to February 15, 2018. DFS’s goal is to prevent cybersecurity attacks, and we therefore will now include cybersecurity in all DFS examinations to ensure that proper cybersecurity governance is being practiced by our regulated entities.

NY Charges First American Financial for Massive Data Leak

Krebs on Security

In May 2019, KrebsOnSecurity broke the news that the website of mortgage title insurance giant First American Financial Corp. First American Financial Corp. Data Breaches The Coming Storm First American Financial Corp. New York State Department of Financial Services Reuters

New York State Expected to Increase Enforcement of Cybersecurity Practices

HL Chronicle of Data Protection

The Regulation and the Act both contain prescriptive cybersecurity requirements and new breach notification obligations for regulated organizations. In May 2019, NYDFS announced the creation of a Cybersecurity Division to enforce the Regulation.

Firmware attacks, a grey area in cybersecurity of organizations

Security Affairs

Eighty-nine percent of regulated industry companies felt willing and able to invest in security solutions, although those in the financial services sector are not quite as ready to invest as companies in other markets.”

NY Investigates Exposure of 885 Million Mortgage Documents

Krebs on Security

New York regulators are investigating a weakness that exposed 885 million mortgage records at First American Financial Corp. NYSE:FAF] as the first test of the state’s strict new cybersecurity regulation. That measure, which went into effect in March 2019 and is considered among the toughest in the nation, requires financial companies to regularly audit and report on how they protect sensitive data, and provides for fines in cases where violations were reckless or willful.

UniCredit Suffers Third Breach Despite Investing Billions in Cybersecurity


Breach cybersecurity investment data breach financial services GDPR italy unicreditUniCredit was also hit with hacking incidents in September-October 2016 and June-July 2017.

NYDFS 500: Why the Regulation?

Perficient Data & Analytics

Previously, I discussed data privacy laws, specifically involving New York State Department of Financial Services (NYDFS) 23 NYCRR 500. All covered entities must adopt a cybersecurity program that meets the following minimum requirements based on the covered entity’s risk assessment. Cybersecurity Program: Maintain a cybersecurity program designed to protect the confidentiality, integrity, and availability of the information systems.

How Multi-factor Authentication Can Benefit Your Industry

Rocket Software

Financial services organizations typically experience the most data breaches and hacks, which makes security a priority. Benefits for Financial Services. Depending on what industry you’re in, your approach to security may be very different.

New York State imposes a $1.5 million penalty in cybersecurity breach case

Data Protection Report

On March 3, 2021, the New York Department of Financial Services (NYDFS) announced a Consent Order with a NYDFS-licensed Maine-based mortgage banker and loan servicer settling alleged violations of the NYDFS cybersecurity regulations. ( Cybersecurity cybersecurity NYDFS

Banking and Finance: Cybersecurity Challenges

Data Breach Today

Imperva's Terry Ray on Application Security Imperatives in the Cloud Age Banks and other financial services sector organizations need to pay more attention to their security infrastructure and defenses and apply application security safeguards to monitor all of their data - as well as individual files, says Terry Ray, CTO of Imperva

February 15 deadline looms for first DFS Cybersecurity Certification

Data Protection Report

February 15, 2018, is quickly approaching and any entity subject to New York’s cybersecurity regulation (23 NYCRR Part 500) must file its first annual certification of compliance with the New York State Department of Financial Services (DFS) by that date. Regulatory response cybersecurity certification cybersecurity regulation Department of Financial Services DFS New York

Twitter Hack Analysis Drives Calls for Greater Security Regulation

Dark Reading

New York's Department of Financial Services calls for more cybersecurity regulation at social media firms following the "jarringly easy" Twitter breach

Cybersecurity Standards for the Insurance Sector – A New Patchwork Quilt in the US?

HL Chronicle of Data Protection

In the past two years, multiple state bills that have been introduced in the US to provide for cybersecurity requirements and standards to the insurance sector, with recent legislative activity taking place in particular within the States of Ohio, South Carolina, and Michigan. The entering into effect of multiple state laws in this area may present challenges for insurance providers operating in states where such cybersecurity requirements are provided for.

Cybersecurity and the False Claims Act: A New Frontier for Contractor Liability? (Podcast Series)

HL Chronicle of Data Protection

Please tune in for an in-depth podcast discussion of cybersecurity and the False Claims Act, featuring Mike Vernick and Mike Scheimer. February 26 : FCA Enforcement in the Financial Services Sector. Cybersecurity & Data Breaches cybersecurity False Claims Act podcast

NYDFS Files First Cybersecurity Enforcement Action

Hunton Privacy

On Wednesday, July 22, the New York Department of Financial Services (the “NYDFS”) announced that it had filed administrative charges against First American Title Insurance Co. under the NYDFS Cybersecurity Regulation , marking the agency’s first enforcement action since the rules went into effect in March 2017. follow the recommendations of First American’s internal cybersecurity team to conduct further investigation into the vulnerability.

First American Title Insurance Co. Faces Charges in NY

Data Breach Today

Company Could Be Fined $1,000 for Each Violation of State Cybersecurity Law The New York State Department of Financial Services has filed civil charges against First American Title Insurance Co.,

Improve your data relationships with third parties


Regulators are focusing on the data relationships financial services organizations have with third parties, including how well personal information is being managed. 3) Regulators are worried about cybersecurity and the robustness of technology systems in general.

Payments and Fintech: Addressing Key EU, UK and U.S. Cybersecurity Issues

Data Matters

In recent years, there has been a massive increase in the volume of data maintained and processed by payment service providers. Regulators and policymakers on both sides of the Atlantic are imposing increasingly prescriptive cybersecurity regulatory frameworks and closer scrutiny upon companies, while new and escalating cybersecurity threats challenge standard safeguards. Partner, Privacy and Cybersecurity Practice, Washington, D.C.

U.S. Indicts North Korean Hackers in Theft of $200 Million

Krebs on Security

Prosecutors say the hackers were part of an effort to circumvent ongoing international financial sanctions against the North Korean regime. million in August 2020 from a financial services company based in New York. The U.S.

Third-Party Risk Management: NY DFS Regulation Compliance

Data Breach Today

Ted Augustinos of Locke Lord LLP Addresses the Challenges Defining the scope of third-party risk is challenging, says Ted Augustinos of Locke Lord LLP, who discusses compliance with the New York Department of Financial Services' cybersecurity regulation

New York Enacts Stricter Data Cybersecurity Laws

Data Matters

Together, the new laws require the implementation of reasonable data security safeguards, expand breach reporting obligations for certain types of information, and require that a “consumer credit reporting agency” that suffers a data breach provide five years of identity theft prevention services for impacted residents. The Identity Theft Prevention and Mitigation Services Act. More State Privacy and Cybersecurity Legal Developments on the Horizon.

How Microsoft Word “Protected View” Stops Information Leaks

Perficient Data & Analytics

Make sure you use two-factor authentication for all services that offer them. Never re-use passwords across services. Keep your knowledge up-to-date by paying attention to cybersecurity awareness programs. Microsoft Word has long offered support for loading images and templates over the network. This is a great feature within corporate environments because it facilitates the reuse of assets like logos and corporate document templates.

Retail Banks’ Lofty Goals and Where to Start


Retail banks in the United States face a whole host of challenges including customer confidence, regulatory compliance, attracting new customers, cybersecurity, utilizing big data and mastering social media, to name a few. According to an article by The Financial Brand , retail banks’ top priorities include: using big data, AI and advanced analytics. Financial Services artificial intelligence banking banks Retail banks

Privacy and Cybersecurity Top 10 for 2018

Data Matters

This past year was marked by ever more significant data breaches, growing cybersecurity regulatory requirements at the state and federal levels and continued challenges in harmonizing international privacy and cybersecurity regulations. As we begin this New Year, here is list of the top 10 privacy and cybersecurity issues for 2018: EU GDPR. A Pivot Toward Asia for Privacy and Cybersecurity Laws. SEC on Cybersecurity and Rise of Shareholder Breach Litigation.

Peter Marta, Former Global Head of Cybersecurity Law at JPMorgan joins Hogan Lovells Privacy and Cybersecurity Practice

HL Chronicle of Data Protection

Hogan Lovells announced today that Peter Marta , the former global head of Cybersecurity and Global Security and Investigations Legal for JPMorgan Chase and Co., has joined our Privacy and Cybersecurity practice as a partner. Pete is an established leader in the banking and financial services sectors. News & Events Hogan Lovells partner Privacy and Cybersecurity

(Discussion Recap) A Perfect Storm? Panel Discussion on Handling a Cybersecurity Incident

HL Chronicle of Data Protection

On Tuesday, 3 March 2020, we welcomed our financial services clients in London to a lively panel event, which covered the multitude of issues which arise in a cybersecurity incident. Peter Marta. Arwen Handley. Philip Parish. Nicola Fulford.

US: Coronavirus – Cybersecurity considerations for your newly remote workforce

DLA Piper Privacy Matters

Working remotely, or “teleworking,” presents unique cybersecurity challenges to the employer, the employee and the supply chain, especially when being done for the first time in a rapidly changing environment. COVID-19 resource pages may also include cybersecurity information.

The Escalating Problem of Protecting Connected Devices

Data Breach Today

Plus, updates on the indictments of Chinese agents for hacking and the unveiling of the Financial Services Sector Cybersecurity Profile The latest edition of the ISMG Security Report features Kevin McDonald of the Mayo Clinic discussing how to secure connected medical devices.