Countdown to Compliance: Is the Financial Services Industry Ready for New York State's Cybersecurity Regulations?, sponsored by Fasoo and conducted by Ponemon Institute, highlights the challenges financial firms doing business in New York state face in complying with the new cybersecurity regulation (NYDFS 23 NYCRR 500). The regulation went into effect on March 1, 2017 and sets deadlines by which firms must implement the procedures and solutions needed to meet the new standards.
Ponemon Institute surveyed 564 individuals in the financial services industry who are familiar with the regulation to understand how financial services firms are addressing compliance with demanding new cybersecurity requirements that apply to all nonpublic information at rest, in transit and shared with third parties. These individuals primarily work in their organizations' IT, IT security and compliance functions. A variety of financial services organizations are represented in the study, including banking, insurance and brokerage/investment management.
The new regulations require companies to assess their specific cybersecurity risk profile and design a program that addresses their risks in a “robust fashion.” However, as shown in this research, it is expected that companies will have difficulty achieving compliance with the given timelines. As Figure 1 reveals, 60 percent of respondents say achieving compliance with NYDFS will be more difficult than other regulations such as SOX, GLBA and PCI DSS. Moreover, 63 percent of respondents are only somewhat confident (24 percent) or not confident (39 percent) that the nonpublic information provided to NYDFS will be protected from public disclosure.