New York DFS Leverages Cybersecurity Ratings to Take a Risk-Based Approach Toward Supervision and Continuously Monitor Regulated Entities
New York, May 4, 2022 – SecurityScorecard, the global leader in cybersecurity ratings, is now working with the New York State Department of Financial Services (DFS) to further support the department’s first-in-the-nation cybersecurity efforts to modernize its supervision process. As described on DFS’s website and discussed during its March 29 Cybersecurity Symposium,(1:21:00 mark), DFS is using SecurityScorecard’s cybersecurity ratings and analysis (based on publicly-available data and open-source information) to assess the strength of the cybersecurity programs of DFS’s regulated entities. According to DFS, this gives them a tool to “better and faster assess the cyber risk” facing its nearly 3,000 regulated entities. Specifically, SecurityScorecard’s ratings provide a “systematic approach” to measuring cyber risk and enabling DFS to focus on the areas of the most significant risk.
“Security ratings are widely used by cyber insurers and other financial services firms to continuously monitor their security postures and their vendors,” said Sachin Bansal, Chief Business and Legal Officer of SecurityScorecard. “We’re proud to work with DFS to give them an automated capability, and incorporate a continuous monitoring approach into their supervision process.”
DFS has been a pioneer in cybersecurity oversight in financial services. The agency was the first financial services regulator in the country (state or federal) to issue a cybersecurity-specific regulation in 2017, and now it is the first financial services regulator to publicly disclose its use of cybersecurity ratings as part of its work. DFS has also announced a new online questionnaire that it expects to begin using in 2023. By working with DFS, SecurityScorecard further extends its services with regulators and related supervisory organizations.
SecurityScorecard is currently rating over 12 million entities globally, and uses non-intrusive proprietary methods to continuously monitor across 10 risk categories (e.g., network security, application security, patching cadence) to instantly deliver an easy-to-understand “A” through “F” rating. On a daily basis, these ratings are updated based on objective, publicly-available data that, similar to credit ratings, provides an “outside-in” view of an entity’s security posture.
Funded by world-class investors including Evolution Equity Partners, Silver Lake Waterman, Sequoia Capital, GV, Riverwood Capital, and others, SecurityScorecard is the global leader in cybersecurity ratings with more than 12 million companies continuously rated. Founded in 2013 by security and risk experts Dr. Aleksandr Yampolskiy and Sam Kassoumeh, SecurityScorecard’s patented rating technology is used by over 25,000 organizations for enterprise risk management, third-party risk management, board reporting, due diligence, cyber insurance underwriting, and regulatory oversight. SecurityScorecard is the first cybersecurity ratings company to offer digital forensics and incident response services, providing a 360-degree approach to security prevention and response for its worldwide customer and partner base. SecurityScorecard continues to make the world a safer place by transforming the way organizations understand, improve and communicate cybersecurity risk to their boards, employees, and vendors. Every organization has the universal right to its trusted and transparent Instant SecurityScorecard rating. For more information, visit securityscorecard.com or connect with us on LinkedIn.