While many U.S. companies beef up their cybersecurity measures, studies show little attention is being paid to requiring their business partners to do the same.
As a result, it becomes easier for hackers to simply slip in through the third-party-vendor back door. The New York State Department of Financial Services (NYDFS) recently released the results of a cybersecurity survey of 40 banking organizations, including many of the largest institutions it regulates. The report Update on Cyber Security in the Banking Sector: Third Party Service Providers, reveals that banks are not conducting sufficient due diligence regarding the privacy and data security measures adopted by third-parties vendors that have access to the banks’ sensitive financial data.
As the NYDFS report highlights, third-party vendors, ranging from check/payment processors to legal counsel to HVAC technicians, often have access to bank technology systems, which can provide a potential point of entry for hackers. However, many of the financial institutions surveyed are simply taking the word of their business partners that they have the proper cybersecurity protections in place.
Below are several of the NYDFS survey’s key findings:
Nearly 1 in 3 of the banks surveyed do not require their third-party vendors to notify them in the event of cybersecurity breach.
Less than half of the banks surveyed perform any on-site assessments of their third-party vendors.
Approximately 1 in 5 banks surveyed don’t require third-party vendors to represent that they have established minimum information security requirements.
Nearly half of the banks do not require a warranty of the integrity of the third-party vendor’s data or products (e.g., that the data and products are free of viruses).
In light of its findings, the NYDFS plans to move forward on banking regulations intended to strengthen the cybersecurity standards for third-party vendors. Superintendent Lawsky said: “A bank’s cyber security is often only as good as the cyber security of its vendors. Unfortunately, those third-party firms can provide a backdoor entrance to hackers who are seeking to steal sensitive bank customer data. We will move forward quickly, together with the banks we regulate, to address this urgent matter.”
The agency is also in the process of conducting a similar survey regarding the cybersecurity of third-party vendors who service the insurance companies it oversees.
High-profile founder litigation is more than just a media spectacle. For startup founders, these cases underscore the legal and structural risks that can arise when rapid growth outpaces formal oversight. While launching a new company can be both an exciting and deeply rewarding endeavor, founders must be mindful that it also comes with significant risks. […]
Corporate Governance Reviews: A Practical Guide for New Jersey Companies
Every New Jersey company should periodically evaluate its governance framework. Strong corporate governance protects directors and officers, builds investor confidence, reduces litigation exposure, and positions a company for sustainable growth. The first quarter of the year is a great time to evaluate your corporate governance practices and perform any routine maintenance needed to keep that […]
What to Do After Being Served with a Lawsuit: Steps to Protect Your Legal Rights
Being served with a lawsuit is one of the most stressful legal events a business or individual can face. Whether the claim involves a contract dispute, an employment matter, an intellectual property issue, or another legal challenge, the actions you take in the first few days can significantly shape the outcome of your case. Acting […]
Will 2026 Be a Banner Year for SPACs? Understanding the Risks and Opportunities
Special Purpose Acquisition Companies (SPACs) continue to gain momentum as we move through 2026. After enduring a significant contraction following the 2021 boom and the regulatory scrutiny that followed, SPAC activity rebounded sharply in 2025 and now carries forward into 2026 with real momentum. The SPAC resurgence reflects broader improvements in both market conditions and the […]
Why Compliance Monitoring Matters for NY and NJ Businesses
Compliance programs are no longer judged by how they look on paper, but by how they function in the real world. Compliance monitoring is the ongoing process of reviewing, testing, and evaluating whether policies, procedures, and controls are being followed—and whether they are actually working. What Is Compliance Monitoring? In today’s heightened regulatory environment, compliance […]
When Are New Jersey Business Owners Personally Liable for Corporate Debt?
New Jersey personal guaranty liability is a critical issue for business owners who regularly sign contracts on behalf of their companies. A recent New Jersey Supreme Court decision provides valuable guidance on when a business owner can be held personally responsible for a company’s debt. Under the Court’s decision in Extech Building Materials, Inc. v. […]
No Aspect of the advertisement has been approved by the Supreme Court. Results may vary depending on your particular facts and legal circumstances.
Sign up to get the latest from our attorneys!
Explore What Matters Most to You.
Consider subscribing to our Firm Insights mailing list by clicking the button below so you can keep up to date with the firm`s latest articles covering various legal topics.
Stay informed and inspired with the latest updates, insights, and events from Scarinci Hollenbeck. Our resource library provides valuable content across a range of categories to keep you connected and ahead of the curve.
Let`s get in touch!
Sign up to get the latest from the Scarinci Hollenbeck, LLC attorneys!
