One-third of banks don’t mandate vendors’ minimum cybersecurity standards

A survey by the New York Department of Financial Services has found that Wall Street banks and other financial institutions need to further strengthen their cybersecurity measures, including those of their vendors.

“A bank’s cyber security is often only as good as the cyber security of its vendors,” said Benjamin Lawsky, superintendent of the New York regulator that oversees major banks and insurance firms such as Barclays, Goldman Sachs, and MetLife.

“Unfortunately, those third-party firms can provide a backdoor entrance to hackers who are seeking to steal sensitive bank customer data,” Lawsky said.

According to the survey of 40 banks:

  • One in three banks don’t currently require third-party vendors to alert them about information security breaches or other cybersecurity intrusions.
  • Fewer than half of the banks surveyed conduct any on-site assessments of third-party vendors.
  • One-third of banks don’t require their third-party vendors to meet minimum cybersecurity standards.

It is quite disturbing to hear that one of the world’s largest banking districts has such a poor attitude to cybersecurity.

Just last year, JPMorgan Chase was hit by a cyber attack that compromised 76 million households and 7 million small businesses.

A number of our customers report that their corporate clients now demand ISO 27001 registration – the internationally recognized information security standard – as a condition of doing business with them.

The Standard describes the best-practice specifications for an information security management system (ISMS) that allows firms to manage the confidentiality, integrity, and availability of their information assets.

ISO 27001 is recognized worldwide as a standard for information security, and organizations worldwide are increasingly looking to achieve registration to prove to their corporate clients and other stakeholders that they take cybersecurity seriously. In fact, ISO 27001 registration grew 36% in 2013 in the US, according to the latest ISO Survey, and the US holds the tenth largest number of ISO 27001-registered companies worldwide.

If you’re looking to win new business with corporate clients by proving your commitment to cybersecurity, while reducing the risk of a data breach in your organization, then our fixed-price ISO 27001 packaged solutions are for you. Designed to suit your budget, business needs, and time frame, our five packaged solutions offer varying degrees of help and support.

Find out more: ISO 27001 Packaged Solutions
