April 9, 2015 - New York State's financial services watchdog is set to tighten up the rules on cyber-security standards for third party vendors working for banks after finding "significant" vulnerabilities in current relationships.

The New York State Department of Financial Services (NYDFS) surveyed 40 Wall Street banks about their relationships with third-party vendors, many of which have access to IT systems, offering a potential backdoor entrance for hackers looking to steal customer data.

Nearly a third of respondents admit that they do not require vendors to notify them if they find a cyber security breach, and fewer than half conduct any on-site assessments of their vendors.

Around one in five respondents do not require vendors to show that they have established minimum information security requirements, and only one-third of banks demand that those requirements are extended to subcontractors.

The NYDFS says that in the next few weeks it plans to push ahead with regulations strengthening cyber security standards for banks' third-party vendors, including potential measures related to the representations and warranties received about protections in place at those firms.

Superintendent Benjamin Lawsky says: "A bank's cyber security is often only as good as the cyber security of its vendors. Unfortunately, those third-party firms can provide a backdoor entrance to hackers who are seeking to steal sensitive bank customer data. We will move forward quickly, together with the banks we regulate, to address this urgent matter."