A new survey by the Ponemon Institute reports that less than half of the financial institutions covered by New York’s sweeping new cybersecurity regulation say they will “likely” meet next February’s compliance deadline. And even more stunning is the fact that only 13% of those institutions surveyed reported “with certainty” that they would be in full compliance with the regulation by next year.

As we have reported, last March, New York’s top banking and insurance regulator, the New York Department of Financial Services, issued its “first-in-the-nation” cybersecurity regulation for financial institutions. The regulation affects more than 3,000 banks and insurers – from multinational giants with branch offices in New York to smaller family-owned banks – and will require DFS regulated institutions to comply with a detailed series of data security requirements.

The Ponemon Institute surveyed 564 respondents in the financial services industry to test compliance preparedness. The respondents work mostly in their organization’s IT, IT security, and compliance areas.

Here are the key findings of the study:

  • The vast majority of respondents said their firms will need additional time for compliance. Of the more than 50% that said it was “unlikely” their institution would meet the February 2018 compliance deadline, 28% said there was “no chance” they would meet it.

  • Only 36% of respondents rate their company’s DFS-required cybersecurity program to prevent a cyber-attack as “highly effective.”

  • And the overwhelming majority of respondents – 71% - said it will be difficult to comply with the regulation’s governance requirements. Seventy-one percent said having cybersecurity personnel manage their institution’s cyber risk is “highly difficult to achieve.”

Over the next week, we will take a much closer look at the Ponemon survey and its findings. Stay tuned.