When dealing with successful and unsuccessful hacking attempts, financial services firms can no longer take the “no new is good news” approach.
Under New York State Department of Financial Service’s cyber-security regulation, which went into effect earlier this year, those firms supervised by the state regulator must report all hacks and attempted hacks to the NYSDFS via its online portal.
All of the approximately 1,200 financial services firms regulated by the NYSDFS, should have registered their organizations on the portal by August 28.
Many firms still may be waiting to register since the NYSDFS did not have the portal up until a week before the deadline, Michael Corcione, managing director of cyber-security and data protection consulting services at Cordium, told Markets Media.
“I doubt many firms even have registered with the website or even realized what their reporting processes are,” he said. ” I just think many firms are way behind.”
Those financial companies that are tempted to delay their registration further should think again, according to Corcione.
“The NYSDFS will be able to use analytics to see who has signed up with the portal and who has not,” he said. “They will have a list and can match names. Those who signed up early will be low on its radar. Those who signed up late will be high on their radar.”
However, once firms are registered, they still will need to report hacking incidents and attempted hacking incidents.
“What you report as an incident depends on what your policy defines as an incident, Corcione explained. “One company may call a phishing email attack an incident while another firm may not because it did not penetrate certain barriers of the organization.”
Under-reporting incidents also may expose firms to NYSDFS Matter Requiring Attention or Matter Requiring Immediate Attention notices and ultimately fines.
The NYSDFS is going to expect to see some “noise” and activity, according to Corcione.
He expects the regulator to hire data scientists and analyst to review the data similar to how the Securities and Exchange Commission has to evaluate trading trends of insider trading.
It is bad behavior using sensitive information, he noted. “The NYSDFS will do the same thing to see how firms are adhering to the requirements they put out. This is why you should pay attention to the portal reporting requirement. If you try to stay under the radar, you are going to race to the top.”
NEWSLETTER SIGN UP
And receive exclusive articles on securities markets
Pension funds, sovereign wealth funds, endowments and other institutional asset owners are sitting on vast troves of data -- but extracting value from that data is more challenging than ever.
#AssetOwners #DataQuality
Technology costs in asset management have grown disproportionately, but McKinsey research finds the increased spending hasn’t consistently translated into higher productivity.
#AI #Fiance
We're in the FINAL WEEK for the European Women in Finance Awards nominations – don't miss your chance to spotlight the incredible women driving change in finance!
#WomenInFinance #FinanceAwards #FinanceCommunity #EuropeanFinance @WomeninFinanceM
ICYMI: @marketsmedia sat down with EDXM CEO Tony Acuña-Rohter to discuss the launch of EDXM International’s perpetual futures platform in Singapore and what it means for institutional crypto trading.
Read the full interview: https://bit.ly/45xRUWh
Related articles
-
The SEC erased nearly a year’s worth of text messages sent and received by former Chair Gary Gensler.
-
The regulator's emails and email attachments were subject to unauthorized access.
-
PQC aims to strengthen communication and data security as quantum computing advances.
-
The DORA compliance deadline is just three months away.
-
Quantum computing poses a major cybersecurity concern as it can break cryptography & encryption algorithms.
We're Enhancing Your Experience with Smart Technology
We've updated our Terms & Conditions and Privacy Policy to introduce AI tools that will personalize your content, improve our market analysis, and deliver more relevant insights.These changes take effect on Aug 25, 2025.
Your data remains protected—we're simply using smart technology to serve you better. [Review Full Terms] | [Review Privacy Policy] By continuing to use our services after Aug 25, 2025, you agree to these updates.
