Third Party Information Security Policies Are Largest Challenge Under New Cybersecurity Regulations

CHICAGO (January 19, 2017) – A poll conducted by Baker Tilly Virchow Krause, LLP (Baker Tilly) indicates that almost 40 percent¹ of financial services organizations feel the third party information security policy provisions under the new cybersecurity regulations from the New York Department of Financial Services (NYS DFS) will be the largest challenge for compliance.

“Third party risk management has become extremely complex in today’s highly outsourced and cloud-based world,” Christopher Tait, MBA, CISA, CFSA, CCSK, HITRUST CCSFP, principal with Baker Tilly’s risk and internal audit practice, said. “Companies are using a multitude of specialized vendors to support operations. With the increased sophistication of breaches and rise of specific cybersecurity regulations affecting the organization and its vendors, organizations need to take a renewed look at their programs and policies.”

The NYS DFS regulations include identifying and assessing the risk of utilizing third parties with access to sensitive information, minimum cybersecurity practices required to be met by third party organizations, due diligence processes used to evaluate the cybersecurity practices of third party vendors, and periodic assessments of the third party’s cybersecurity practices.

Russ Sommers, CPA, CISA, senior manager with Baker Tilly’s financial services risk and internal audit practice, noted, “It’s critical for financial services organizations to build a sustainable vendor management process that involves all relevant stakeholders and utilizes a risk based approach to focus resources appropriately.”

Baker Tilly recently held an educational webinar, “Understanding the new NYS DFS cybersecurity regulations,” to assist financial services organizations in understanding the new cybersecurity regulations and steps they will need to take to comply.

The Baker Tilly webinar discussed:

  • What the new cybersecurity regulations entail and when they are effective
  • What the key differences are from other frameworks and regulations
  • What main areas companies will need to evaluate to prepare for compliance

Presentation slides and a recording of the webinar are available at

About Baker Tilly Virchow Krause, LLP

Baker Tilly Virchow Krause, LLP (Baker Tilly) is a leading advisory, tax and assurance firm whose specialized professionals guide clients through an ever-changing business world, helping them win now and anticipate tomorrow. Headquartered in Chicago, Baker Tilly, and its affiliated entities, have operations in North America, South America, Europe, Asia and Australia. Baker Tilly is an independent member of Baker Tilly International, a worldwide network of independent accounting and business advisory firms in 147 territories, with 33,600 professionals. The combined worldwide revenue of independent member firms is $3.4 billion. Visit or join the conversation on LinkedIn, Facebook and Twitter.

¹ 39 percent of respondents answered “Third party information security policy” to a poll question during the “Understanding the new NYS DFS cybersecurity regulations” webinar on December 8, 2016.