The NY State Department of Financial Services has announced new IT examination procedures for banks chartered or licensed in NYS to focus on cyber security. The announcement, found here, sets out areas of focus in upcoming examinations, including written policies and procedures, intrusion protection, information security testing (including penetration testing), employee training, and cyber insurance coverage. The announcement is an extension of prior DFS pronouncements concerning the cyber threat to the banking system, including the May 2014 statement of plans to conduct regular assessments of banks’ cybersecurity effectiveness, and its “Report on Cyber Security in the Banking Sector” found here

This effort follows the 2013 information gathering exercise conducted by DFS with respect to the cyber security profile of the largest insurance companies, reported here.