NY Financial Regulators Weigh Cybersecurity Requirements
New York regulators are considering a host of cybersecurity requirements for banks and insurers and are urging other state and federal authorities to collaborate on establishing a framework of defenses for the financial sector.
Financial Services Superintendent Anthony Albanese says in a letter Tuesday to other regulators that his agency has surveyed more than 150 banks and 43 insurers since 2013 and begun conducting risk assessments of financial institutions.
They have concluded companies have taken significant steps but will be challenged by increasingly sophisticated threats and "robust regulation" is needed.
New York's key proposals would require written cybersecurity policies implemented in areas ranging from access controls to incident responses.
Managing third-party providers would require multi-factor identity authentication, use of data encryption, loss indemnification, warranties, incident notices and audits.
Copyright 2015 The Associated Press.