This month, the New York State Department of Financial Services ("the Department") released results from a survey conducted in 2013 on cyber security. 154 institutions completed the survey, representing 60 community and regional banks, 12 credit unions, and 82 foreign branches and agencies. The survey asked questions regarding information security framework; corporate governance around cyber security; use and frequency of penetration testing and results; budget and costs associated with cyber security; the frequency, nature, cost of, and response to cyber security breaches; and future plans on cyber security.
In conclusion, the Department states:
"As part of its continuing efforts in this area, the Department plans to expand its IT examination procedures to focus more fully on cyber security. The revised examination procedures will include additional questions in the areas of IT management and governance, incident response and event management, access controls, network security, vendor management, and disaster recovery. The revised procedures are intended to take a holistic view of an institution's cyber readiness and will be tailored to reflect each institution's unique risk profile. The Department believes this approach will foster smarter, stronger cyber security programs that reflect the diversity of New York's financial services industry."
This report comes on the heels of the FFIEC webinar, Executive Leadership of Cybersecurity: What Today's CEO Needs to Know About the Threats They Don't See, in which the FFIEC introduced expectations of new examination procedures.
The full Report on Cyber Security in the Banking Sector by the New York State Department of Financial Services can be found here: http://www.dfs.ny.gov/about/press2014/pr140505_cyber_security.pdf