What's Happening?
The New York State Department of Financial Services (DFS) has issued a warning to insurance companies and financial institutions regarding cyber risks associated with third-party service providers (TPSPs). The DFS emphasizes the importance of maintaining
internal risk management controls when utilizing TPSPs, which include technologies like cloud computing and artificial intelligence. Acting Superintendent Kaitlin Asrow stresses that while TPSPs offer innovation and efficiency, regulated entities must protect consumer data and manage risks effectively. The guidance calls for active engagement in cybersecurity risk management by senior governing bodies and officers.
Why It's Important?
This warning from the DFS underscores the growing concern over cybersecurity threats in the financial sector, particularly from third-party providers. As financial institutions increasingly rely on external technologies, the risk of data breaches and cyber attacks rises. The guidance aims to ensure that entities remain accountable for safeguarding consumer information, which is crucial for maintaining trust and compliance with regulations. The emphasis on proactive risk management reflects the need for robust cybersecurity strategies to protect sensitive data and prevent financial losses.
What's Next?
Financial institutions are expected to implement tailored, risk-based plans to mitigate risks posed by TPSPs. The DFS will continue to monitor compliance and may take enforcement actions against entities lacking appropriate risk management practices. Institutions must assess the cybersecurity risks of TPSPs and establish minimum standards for engagement. This ongoing scrutiny by the DFS will likely lead to increased investment in cybersecurity measures and heightened awareness of third-party risks.
