Is this email difficult to read? View it in a web browser. ›
The Wall Street Journal ProThe Wall Street Journal Pro

CybersecurityCybersecurity

Sponsored by Zscaler logo.

New York Tightens Third-Party Risk Management Guidance

By James Rundle
 

Good day. The New York State Department of Financial Services issued new guidance yesterday, urging banks and insurers to tighten oversight of third-party service providers as supply-chain attacks rise.

The guidance clarifies existing obligations under NYDFS cybersecurity rules and shares best practices on vetting vendors, monitoring for risk and maintaining internal controls. While it doesn’t introduce new rules, it does stress that the onus is on regulated firms to make sure they’re properly overseeing their suppliers. 

Kaitlin Asrow, acting superintendent of NYDFS, said firms remain “ultimately accountable” for safeguarding consumer data, even when outsourcing.

Also today:

  • Cyber badges for scouts.
  • Dataminr buys ThreatConnect
  • Auto insurers fined in New York.
 

‏‏‎ ‎
CONTENT FROM: ZSCALER
Why CIOs Are Adopting A Cafe-like Branch Architecture

Ransomware attacks often start with one compromised user — a single user in a branch can infect everything on your network. This is facilitated by an underlying design principle of MPLS and SD-WAN — lateral movement. Zscaler CEO Jay Chaudhry explains why CIOs are embracing cafe-like branches to stop ransomware, increase business agility and reduce cost.

It’s time to embrace cafe-like branches

 

More Cyber News

PHOTO: LM OTERO/ASSOCIATED PRESS

Scouts to Earn Badges for AI and Cybersecurity. Scouting America announced that its members can now earn merit badges in artificial intelligence and cybersecurity, reflecting the organization’s push to align with technology-focused career paths. (AOL)

PHOTO: FRED TANNEAU/AFP/GETTY IMAGES

New York Auto Insurers Fined for Cyber Lapses. Eight auto-insurance companies licensed in New York are collectively liable for about $19 million in penalties after the NYDFS found they failed to meet state cybersecurity regulation standards during a wave of online attacks. (ComplianceWeek)

Nearly Half of Fortune 100 Now Cite AI as Board Issue. According to an Ernst & Young report, 48% of Fortune 100 companies now regard artificial intelligence as a specific subject of board-level oversight, up from 16% last year. More than 40% say a board committee has direct responsibility for AI risks. (CFO Dive)

Dataminr to Acquire ThreatConnect. Dataminr announced it will buy threat-intelligence firm ThreatConnect in a deal valued at about $290 million in cash and equity. Dataminr raised $85 million in financing in March, which is characterized as pre-initial public offering funding at the time. (CyberScoop)
 

About Us

The WSJ Pro Cybersecurity team is Deputy Bureau Chief Kim S. Nash and reporters Angus Loten, James Rundle and Catherine Stupp. Follow us on X @WSJCyber. Reach the team by replying to any newsletter you receive or by emailing Kim at kim.nash@wsj.com.

 
Share this email with a friend.
Forward ›
Forwarded this email by a friend?
Sign Up Here ›
 
Desktop, tablet and mobile. Desktop, tablet and mobile.
Access WSJ‌.com and our mobile apps. Subscribe
Apple app store icon. Google app store icon.
Unsubscribe   |    Newsletters & Alerts   |    Contact Us   |    Privacy Notice   |    Cookie Notice
Dow Jones & Company, Inc. 4300 U.S. Ro‌ute 1 No‌rth Monm‌outh Junc‌tion, N‌J 088‌52
You are currently subscribed as [email address suppressed]. For further assistance, please contact Customer Service at pro‌newsletter@dowjones.com or 1-87‌7-975-6246.
Copyright 2025 Dow Jones & Company, Inc.   |   All Rights Reserved.
Unsubscribe