NY banking regulator to issue cybersecurity rules by year-end

Benjamin Lawsky, New York's financial services regulator, said on Monday he hopes to propose new cybersecurity regulations for banks and insurance companies under his aegis by year-end.

Lawsky said the regulations would aim to plug security gaps that could make financial institutions more vulnerable to hacking.

"The one thing we find to be an existential threat right now is whether our financial institutions and systems are adequately protected when it comes to cybersecurity," Lawsky, superintendent of the New York Department of Financial Services, said at the Reuters Financial Regulation Summit in New York.

The planned regulations would follow a report issued by the department in April, which revealed that one-third of the 40 banks it surveyed did not require outside vendors to notify them of breaches, which could compromise bank data.

One regulation may require banks to get warranties from their vendors about what cybersecurity protections they have in place. The massive breach at Target in 2013 was tied to its heating and ventilation systems contractor, Lawsky pointed out.

A second regulation could require banks to adopt a multi-stepped process for allowing employees, and possibly customers, to log into their systems in order to make sure they are authorized users, Lawsky said.

Cybersecurity has become an increasing focus for banking regulators and could soon be a "major part" of their routine examinations of banks.

"If they fail, there would be pretty severe consequences," Lawsky said. But the regulator, not usually shy about going public with bank misconduct, said he would not be so inclined to publicize which specific bank is prone to a possible security failure.

"I think we have to think hard about telling the world that a particular bank is vulnerable to a cyberattack," Lawsky said.

New York's Department of Financial Services regulates state-chartered banks and foreign banks licensed to operate in the state, including Goldman Sachs, Barclays and Deutsche Bank, and all insurance companies that do business in the state.

The U.S. Justice Department also has been focusing on curbing cybercrime and prosecuting predators.

"We're trying to help people to close their door and lock their door," said Assistant Attorney General Leslie Caldwell, head of the department's criminal division.

Caldwell, also speaking at the Reuters Financial Regulation Summit, said the department is focusing on cases that stand to help the most victims.

Last month, the department issued guidance outlining steps companies can take after an attack.