Cybersecurity Incident Response Planning Needs Most Improvement for New Regulations

CHICAGO (April 3, 2017) – A poll conducted by Baker Tilly Virchow Krause, LLP (Baker Tilly) showed nearly 28 percent1 of financial services organizations indicated a need to improve incident response planning in order to comply with the finalized New York Department of Financial Services (NYS DFS) cybersecurity regulations. However, only 22 percent2 of entities are regularly testing these plans.

“There’s a saying in the cybersecurity world, ‘It’s not a matter of if, but when something bad is going to happen to an organization,’” Christopher Tait, MBA, CISA, CFSA, CCSK, HITRUST CCSFP, principal with Baker Tilly’s financial services risk and internal audit practice, said. “This inevitability is why these and many other cybersecurity regulations are being proposed and implemented.”

“Incident response plans are a critical piece of an effective cybersecurity program,” Chris Anderson, CPA, CITP, managing partner of assurance and firm financial services industry leader, said. “Similar to business continuity and disaster recovery plans, incident response plans need to be tested often to ensure the entity can execute the plan when it’s needed.”

Baker Tilly recently held an educational webinar, “How to begin preparing for the finalized NYS DFS cybersecurity regulations,” to assist financial services organizations in understanding the final cybersecurity regulations and additional best practices organizations can implement to safeguard their proprietary information.

The Baker Tilly webinar discussed:

  • The NYS DFS cybersecurity law
  • Provisions that are in effect now
  • Cybersecurity best practices

Presentation slides and a recording of the webinar are available at

About Baker Tilly Virchow Krause, LLP (

Baker Tilly Virchow Krause, LLP (Baker Tilly) is a nationally recognized, full-service accounting and advisory firm whose specialized professionals connect with clients and their businesses through refreshing candor and clear industry insight. With approximately 2,800 employees across the United States, Baker Tilly is ranked as one of the 15 largest accounting and advisory firms in the country. Headquartered in Chicago, Baker Tilly is an independent member of Baker Tilly International, a worldwide network of independent accounting and business advisory firms in 147 territories, with 33,600 professionals. The combined worldwide revenue of independent member firms is $3.4 billion.

127.8 percent of respondents answered “500.16 Incident Response Plan” to a poll question during How to begin preparing for the finalized NYS DFS cybersecurity regulations webinar on March 15, 2017.
22.2 percent of respondents answered “We maintain robust incident response policies and procedures, perform testing frequently with relevant stakeholders and use the results from testing to guide IT strategy and investment" to a poll question during How to begin preparing for the finalized NYS DFS cybersecurity regulations webinar on March 15, 2017.