Craig Carpenter Quoted on New Cybersecurity Rules in Financial Industry

Craig Carpenter was quoted in a Bloomberg BNA Banking Daily article discussing the New York Department of Financial Services’ potential new cybersecurity reporting requirements. In the article, Craig states that “many of the issues raised in the DFS letter, such as requiring a written cybersecurity plan or expectations from vendors, are already covered by state or federal regulations.”  He further notes that “New York’s early proposals go a step beyond many of the existing, vague regulations to require specific cybersecurity ‘best practices’ by including, for example, detailed descriptions of the required contents of a company’s cybersecurity policy and vendor agreements and requiring encryption of data at rest and specific penetration and vulnerability testing requirements.” According to Craig, “the biggest impact may not be on financial institutions that are used to being regulated but the potential for this trend in specific cybersecurity requirements bleeding over into other industries that are not as accustomed to regulatory oversight.” To read the full article, click here.