New York’s financial watchdog has issued new guidance on cybersecurity risks connected to third-party service providers.
The guidance, announced Tuesday (Oct. 21) by the New York State Department of Financial Services (DFS), comes as organizations become increasingly dependent on such providers, and cyberattacks involving third-party entities continue to grow.
“While third-party service providers have driven innovation and enabled significant efficiencies in our financial system, regulated entities are still ultimately accountable for protecting consumers and managing risk,” Kaitlin Asrow, acting superintendent of the NYDFS, said in a news release.
“To ensure the safe and secure operation of financial services and the protection of nonpublic information, entities must establish and maintain appropriate internal risk management controls when using third-party service providers.”
According to the release, the guidance does not impose new requirements or obligations on DFS-regulated entities but is designed to clarify requirements under DFS’s cybersecurity regulation and share best practices that entities should think about implementing.
As covered here last month,…
