New York banks, insurers and other financial institutions could soon see implementations of stricter online security standards that would make it harder for hackers to penetrate their systems, as Governor Andrew M. Cuomo on Wednesday introduced a proposed regulation that seeks to establish a cybersecurity program for New York State’s finance industry.
In an official press release, Gov. Cuomo revealed that the proposal could pave the way for the first-in-the-nation regulation that would mandate the financial services companies to put up and sustain a cybersecurity program that protects consumer accounts from getting hacked or breached.
"New York, the financial capital of the world, is leading the nation in taking decisive action to protect consumers and our financial system from serious economic harm that is often perpetrated by state-sponsored organizations, global terrorist networks, and other criminal enterprises," Gov. Cuomo said, adding that this cybersecurity regulation would be an affective means of ensuring that financial services companies are protecting their clients from cyber-attacks.
The proposed regulation entails the limited access of banks and other companies to sensitive data of their clients, such as their social security numbers. Only a select few would be privy to the sensitive information and even when they have access to such data, they would still be required to do multiple steps to confirm their identities.
Engadget reports finance companies covered by the proposed law would also be required to do constant monitoring of their defenses against hackers and appoint people to produce reports on potential cybersecurity holes at least two times a year. Furthermore, the board chairs of the companies would be expected to file for annual certifications to prove that they are following the law.
The end goal for the proposed law is for the general customers to have that confidence in disclosing sensitive information to the financial institution of their choice. The proposed regulation was made by the New York State Department of Financial Services, and the department’s superintended, Maria T. Vullo, has confirmed that this law seeks to minimze vulnerabilities in the existing cybersecurity programs of finance companies.
“DFS designed this groundbreaking proposed regulation on current principles and has built in the flexibility necessary to ensure that institutions can efficiently adapt to continued innovations and work to reduce vulnerabilities in their existing cybersecurity programs. Regulated entities will be held accountable and must annually certify compliance with this regulation by assessing their specific risk profiles and designing programs that vigorously address those risks,” Vullo said.