Source On New York State Cyber Security Regulations

Following the news about the growing threats from cyber-attacks to financial institutions, New York State officially implemented new regulations that require banks and insurers to meet certain cyber security standards. But many are concerned that, with the range of threats facing organizations, the regulations will fall short of truly protecting consumers and organizations from breaches and hacks. Ed Adshead-Grant, General Manager of Payments at Bottomline Technologies commented below.

Ed Adshead-Grant, General Manager of Payments at Bottomline Technologies:

“In its current form, the cyber security regulation proposed by New York State for banks and insurers is missing the mark, as it fails to address one key consideration: open banking. With the adoption of the PSD2 regulation in Europe, we’re already seeing financial institutions across the pond implementing new technologies like open APIs, and it’s clear that the trend will come to the US as well. The introduction of these technologies will give way to new security threats, requiring banks and insurers to implement real-time monitoring systems to identify and flag suspicious activity. While the proposed regulation’s requirement of multi-factor authentication is a solid step toward heightening security, that alone will not solve security problems if auditors are not watching how users – both internally and externally – are behaving in real-time.”