Third Party Information Security Policies Are Largest Challenge Under New Cybersecurity Regulations

CHICAGO (January 19, 2017) – A poll conducted by Baker Tilly Virchow Krause, LLP (Baker Tilly) indicates that almost 40 percent¹ of financial services organizations feel the third party information security policy provisions under the new cybersecurity regulations from the New York Department of Financial Services (NY DFS) will be the largest challenge for compliance.

“Third party risk management has become extremely complex in today’s highly outsourced and cloud-based world,” Christopher Tait, MBA, CISA, CFSA, CCSK, HITRUST CCSFP, principal with Baker Tilly’s risk and internal audit practice, said. “Companies are using a multitude of specialized vendors to support operations. With the increased sophistication of breaches and rise of specific cybersecurity regulations affecting the organization and its vendors, organizations need to take a renewed look at their programs and policies.”

The NY DFS regulations include identifying and assessing the risk of utilizing third parties with access to sensitive information, minimum cybersecurity practices required to be met by third party organizations, due diligence processes used to evaluate the cybersecurity practices of third party vendors, and periodic assessments of the third party’s cybersecurity practices.

Russ Sommers, CPA, CISA, senior manager with Baker Tilly’s financial services risk and internal audit practice, noted, “It’s critical for financial services organizations to build a sustainable vendor management process that involves all relevant stakeholders and utilizes a risk based approach to focus resources appropriately.”

Baker Tilly recently held an educational webinar, “Understanding the new NY DFS cybersecurity regulations,” to assist financial services organizations in understanding the new cybersecurity regulations and steps they will need to take to comply.

The Baker Tilly webinar discussed:

  • What the new cybersecurity regulations entail and when they are effective
  • What the key differences are from other frameworks and regulations
  • What main areas companies will need to evaluate to prepare for compliance

Presentation slides and a recording of the webinar are available at bakertilly.com/insights/understanding-the-new-nydfs-cybersecurity-regulations.

About Baker Tilly Virchow Krause, LLP (bakertilly.com)

Baker Tilly Virchow Krause, LLP (Baker Tilly) is a nationally recognized, full-service accounting and advisory firm whose specialized professionals connect with clients and their businesses through refreshing candor and clear industry insight. With approximately 2,700 employees across the United States, Baker Tilly is ranked as one of the 15 largest accounting and advisory firms in the country. Headquartered in Chicago, Baker Tilly is an independent member of Baker Tilly International, a worldwide network of independent accounting and business advisory firms in 141 countries, with 28,000 professionals. The combined worldwide revenue of independent member firms is $3.8 billion.

¹ 39 percent of respondents answered “Third party information security policy” to a poll question during the “Understanding the new NY DFS cybersecurity regulations” webinar on December 8, 2016.