WARREN, NJ--(Marketwired - Apr 20, 2017) - Prevalent, Inc., the leader in Third-Party Risk Management and vendor threat intelligence, today announced findings of its flash poll of IT, security and compliance professionals in banking and finance. The survey was conducted in March 2017 in conjunction with its American Banker "The State of NY Strikes Again" thought leadership webinar on New York State's new Cybersecurity Requirements (23 NYCRR 500).
The webinar attracted more than 1,100 financial, banking and services IT and security professionals responsible for or participating in their organization's readiness for New York State's new sweeping cybersecurity regulations (NYCRR 500). More than 600 attendees participated in the live poll.
Risk and compliance experts provided both high-level requirements under the statute and specific key, pragmatic steps organizations can and should immediately take. Brad Keller, CTPRP, JD, and Prevalent Senior Director of Third-Party Risk, provided market-proven third-party risk management measures based on Prevalent's years of experience successfully helping organizations of all sizes navigate third- and fourth-party cyber risks.
When asked about their organization's understanding of the New York State cybersecurity requirements for financial services companies and those organizations licensed by the State of New York to transact with them:
- 13 percent of all respondents said their organization fully understands and is actively working on compliance requirements, and another 23 percent stated that their organization has a strong working knowledge and is developing a response plan.
- An additional 29 percent reported that their organization is aware of the regulation and has formed a task force or committee to better understand what's required for compliance and the various deadlines within the two-year timeline for compliance.
- A full 34 percent of attendees stated that their organization needed further information to understand compliance requirements and deadlines.
When asked about their organization's current readiness to satisfy the requirements of the regulation for financial services companies:
- Just 17 percent reported that their organizations were ready to satisfy all high-level requirements of the legislation.
- 49 percent reported having the majority (more than 50 percent) of requirements already in place.
- 14 percent reported having in place the necessary components to comply with between 25-50 percent of the new regulatory requirements.
- A full 20 percent reported either having less than 25 percent of requirements currently in place for compliance (seven percent) or needing more knowledge about requirements and timeframes (18 percent).
Prevalent's Brad Keller said, "The overwhelming majority of attendees were looking to partner with market-proven leaders in the cybersecurity space to safeguard their organization and future-proof third-party risk management and regulatory compliance.
"Like New York State, more and more regulators, state agencies, investors, and other stakeholders are connecting the dots between financial health and cyber security. Prevalent customers knew ahead of the curve that New York State's NYCRR 500 is likely to serve as a model for other states' cybersecurity requirements because it addresses third party risk -- which is all too often the soft underbelly of many enterprises' cyber security defenses. This is why leading financial, banking and services organizations are leveraging the market-proven insight of Prevalent, the acknowledged leader in third party risk management."
Recently named the Fastest Growing Cybersecurity Company Firm in the Cybersecurity Excellence Award's 50 to 100 person category, Prevalent, Inc. is the pioneer in third-party risk management and cyber threat intelligence. Prevalent introduced the only Unified Platform for Third-Party Risk Management and the first Exchange, with the release of Synapse Exchange™. With Exchange, vendor evidence (questionnaires, surveys, certifications, etc.) is either collected for you by Prevalent, or contributed to the Exchange by the vendor. Exchange participants simply request access to the evidence, and after a quick vendor approval, it's available for review.