SUMMARY
Poll results announced recently from Prevalent, Inc., the leader in cybersecurity third-party risk management, show that new New York State cybersecurity regulations are driving financial services organizations to action, but more than a third aren't fully clear on what they need to do. The regulations are widely considered to be a potential US national model for cybersecurity requirements.
More than 600 IT and security pros in financial services answered a flash poll from American Banker and Prevalent about their organization's readiness for the 23 NYCRR 500 cybersecurity regulations and the various mandates that take effect from now through 2019.
34 percent of respondents said their organization needed further information to understand compliance requirements and deadlines.
20 percent of respondents reported that their organizations had less than a quarter of the requirements currently in place for compliance (seven percent) or needed more knowledge about requirements and timeframes (18 percent).
"Like New York State, more and more regulators, state agencies, investors, and other stakeholders are connecting the dots between financial health and cyber security... New York State's NYCRR 500 is likely to serve as a model for other states' cybersecurity requirements because it addresses third party risk -- which is all too often the soft underbelly of many enterprises' cyber security defenses," said Brad Keller, CTPRP, JD, and Prevalent Senior Director of Third-Party Risk.
WARREN, NJ: Prevalent, Inc., the leader in Third-Party Risk Management and vendor threat intelligence, today announced findings of its flash poll of IT, security and compliance professionals in banking and finance. The survey was conducted in March 2017 in conjunction with its American Banker "The State of NY Strikes Again" thought leadership webinar on New York State's new Cybersecurity Requirements (23 NYCRR 500).
The webinar attracted more than 1,100 financial, banking and services IT and security professionals responsible for or participating in their organization's readiness for New York State's new sweeping cybersecurity regulations (NYCRR 500). More than 600 attendees participated in the live poll.
Risk and compliance experts outlined both the high-level requirements under the statute and specific, pragmatic steps organizations can and should take immediately. Brad Keller, CTPRP, JD, and Prevalent Senior Director of Third-Party Risk, provided market-proven third-party risk management measures based on Prevalent's years of experience successfully helping organizations of all sizes navigate third- and fourth-party cyber risks.
When asked about their organization's understanding of the New York State cybersecurity requirements for financial services companies and those organizations licensed by the State of New York to transact with them:
13 percent of all respondents said their organization fully understands and is actively working on compliance requirements, and another 23 percent stated that their organization has a strong working knowledge and is developing a response plan.
An additional 29 percent reported that their organization is aware of the regulation and has formed a task force or committee to better understand what's required for compliance and the various deadlines within the two-year timeline for compliance.
A full 34 percent of attendees stated that their organization needed further information to understand compliance requirements and deadlines.
When asked about their organization's current readiness to satisfy the requirements of the regulation for financial services companies:
Just 17 percent reported that their organizations were ready to satisfy all high-level requirements of the legislation.
49 percent reported having the majority (more than 50 percent) of requirements already in place.
14 percent reported having in place the necessary components to comply with between 25-50 percent of the new regulatory requirements.
A full 20 percent reported either having less than 25 percent of requirements currently in place for compliance (seven percent) or needing more knowledge about requirements and timeframes (18 percent).
Prevalent's Brad Keller said, "The overwhelming majority of attendees were looking to partner with market-proven leaders in the cybersecurity space to safeguard their organization and future-proof third-party risk management and regulatory compliance.
"Like New York State, more and more regulators, state agencies, investors, and other stakeholders are connecting the dots between financial health and cyber security. Prevalent customers knew ahead of the curve that New York State's NYCRR 500 is likely to serve as a model for other states' cybersecurity requirements because it addresses third party risk -- which is all too often the soft underbelly of many enterprises' cyber security defenses. This is why leading financial, banking and services organizations are leveraging the market-proven insight of Prevalent, the acknowledged leader in third party risk management."