In early April, Wall Street’s oversight committee announced that bank’s oversight of cybersecurity measures at outside firms it does business with remains a work in progress, at best. It cited a survey of 40 banks that found that only about a third require their outside vendors to notify them of any breach to their own networks, which could in turn compromise confidential information of the bank and its customers.
Fewer than half the banks surveyed by the committee said they conducted regular on-site inspections to make sure the vendors they hire – like data providers, check-processing firms, accounting firms, law firms and even janitorial companies – are using adequate security measures, the report said. About half require vendors to provide a warranty that their products and data streams are secure and virus-free.