Why mounting regulatory pressure is driving US Financial Services firms to address cyber risk
With the acceleration of digital transformation in the financial sector, it is easier than ever before to open accounts or apply for loans and mortgages. Whilst these digital services can significantly enhance the customer banking experience, they bring new security challenges for the industry to address.
While every industry is subject to cyber-attacks, the banking and financial services sector remains a lucrative target for cyber criminals who want to get their hands on sensitive, personal data. The average cost of a data breach in the financial services sector is among the highest of any industry, at $5.85 million (Varonis, 2021).
Financial institutions should aim to strengthen cybersecurity practices and proactively build resilience by focusing on risk. Failure to do so can be extremely damaging.
Earlier this month, the New York State Department of Financial Services (DFS) issued a $1.5M penalty under its cybersecurity regulations (23 NYCRR Part 500) to a licensed mortgage lender, Residential Mortgage Services, Inc., for failing to:
- Implement an adequate cyber incident response plan.
- Conduct comprehensive cybersecurity risk assessments despite the CISO filing a certification with DFS that it was in full compliance with the cybersecurity regulations.
- Protect a significant amount of sensitive personal data of mortgage loan applicants, including bank account details.
- Investigate the scope of the breach until prompted to do so by DFS.
- Report a cybersecurity incident within 72 hours of its occurrence after falling victim to a phishing scam in 2019.
- Notify affected individuals of the situation.
To keep your organization compliant with cybersecurity and data protection regulations, it is important to regularly review cybersecurity controls and policies to ensure they are implemented and effective.
Contact the Acuity team today to see how we help our customers in the financial sector manage risk while demonstrating compliance.