New York financial regulators say they've found gaps in cybersecurity in bank dealings with third-party vendors, noting that nearly one-third of 40 banking organizations surveyed don't require service vendors to inform them of information security breaches.
The Department of Financial Services report shows fewer than half of the banks conduct on-site assessment of their vendors, and nearly half don't require warranties' that the data and products are free of computer viruses.
Continue Reading Below
Some banks don't require representations that vendors have established minimum security measures and most don't require those measures from their vendors' subcontractors.
Department Superintendent Ben Lawsky says they expect to advance regulations strengthening cybersecurity standards for banks' vendors.