Over the last 5-10 years, we’ve seen a major uptick in the number of regulations across all sectors regarding cybersecurity. The following is a brief look at how cybersecurity regulations have been implemented across seven sectors and divisions.
Cybersecurity Compliance: Regulations For 7 Industry Sectors
Financial Cybersecurity Regulations & Compliance
The financial sector has a number of cybersecurity requirements set by federal and state regulators. The most common set of requirements is found in the Federal Financial Institution Examination Council handbook, or FFIEC-IT. That body is comprised of a number of booklets that contain resources and requirements financial institutions are expected to adhere to. There are also a number of different guidances that financial regulatory bodies put out. An example is the Office of the Comptroller of Currency (OCC), which has put out guidance on third-party risk management. That guidance is issued to all organizations that fall under their oversight.
The best-known standard for cybersecurity compliance healthcare is the Health Insurance Portability and Accountability Act. HIPAA establishes cybersecurity standards for healthcare organizations, insurers, and the third-party service providers medical organizations do business with.
Consumer Data Cybersecurity Regulations & Compliance
Currently, 47 out of 50 states (and the District of Columbia) have enacted cybersecurity compliance requirements for organizations to notify states about security breaches that compromise customer data. For instance, if your company holds sensitive personal information about customers—like social security numbers, account numbers, or payment card information—and you experience a breach, you’re obligated to notify those affected. The Federal Trade Commission (FTC) can also penalize organizations for failing to adequately protect consumer data.
Insurance Cybersecurity Regulations & Compliance
While regulations for insurance departments and companies vary state by state, many have issued requirements to protect consumer information. Furthermore, we’ve seen increased interest in adding more regulations in this area. In October 2016, the New York State Department of Financial Services (DFS) proposed new regulation around cybersecurity for both financial organizations and insurance companies.
While cybersecurity compliance with regulations is a critical goal, ongoing management of cybersecurity—both your own and your vendors’—shouldn’t be understated. Protecting critical data and information is less about the label of compliance and more about creating and adhering to a cybersecurity program.
If you need some tips on how to create a cybersecurity program for your vendors, download this ebook. It covers the questions you need to ask all of your vendors, risk vectors and configurations to keep in mind, and the impact of continuous risk monitoring software.
This blog post was edited and updated in July 2020.
What’s the biggest struggle your vendor risk managers face when establishing cyber security monitoring processes? From sudden increases in the use of third-parties by your organization, to not knowing which vendors might be impacted by the...
If you’re using a “one-size fits all” approach to managing your vendor lifecycle, you are missing opportunities to save money and operate more efficiently. Vendor management efficiencies don’t end in the onboarding stage: using a...
If you’re experiencing frustrating delays and procedural roadblocks during your vendor management process, you’re not alone. Security managers are seeing an increase in the number of third-parties integrating with their business, and ...