(Reuters) — Benjamin Lawsky, New York's financial services regulator, said Monday he hopes to propose new cyber security regulations for banks and insurance companies under his aegis by year-end.

Mr. Lawsky said the regulations would aim to plug security gaps that could make financial institutions more vulnerable to hacking.

"The one thing we find to be an existential threat right now is whether our financial institutions and systems are adequately protected when it comes to cyber security," Mr. Lawsky, superintendent of the New York Department of Financial Services, said at the Reuters Financial Regulation Summit in New York.

The planned regulations would follow a report issued by the department in April, which revealed that one-third of the 40 banks it surveyed did not require outside vendors to notify them of breaches, which could compromise bank data.

One regulation may require banks to get warranties from their vendors about what cyber security protections they have in place. The massive breach at Target Corp. in 2013 was tied to its heating and ventilation systems contractor, Mr. Lawsky pointed out.

A second regulation could require banks to adopt a multistepped process for allowing employees, and possibly customers, to log into their systems in order to make sure they are authorized users, Mr. Lawsky said.

Cyber security has become an increasing focus for banking regulators and could soon be a "major part" of their routine examinations of banks.

"If they fail, there would be pretty severe consequences," Mr. Lawsky said. But the regulator, not usually shy about going public with bank misconduct, said he would not be so inclined to publicize which specific bank is prone to a possible security failure.

"I think we have to think hard about telling the world that a particular bank is vulnerable to a cyber attack," Mr. Lawsky said.

New York's Department of Financial Services regulates state-chartered banks and foreign banks licensed to operate in the state, including The Goldman Sachs Group Inc., Barclays P.L.C. and Deutsche Bank A.G., and all insurance companies that do business in the state.

The U.S. Justice Department also has been focusing on curbing cybercrime and prosecuting predators.

"We're trying to help people to close their door and lock their door," said Assistant Attorney General Leslie Caldwell, head of the department's criminal division.

Ms. Caldwell, also speaking at the Reuters Financial Regulation Summit, said the department is focusing on cases that stand to help the most victims.

Last month, the department issued guidance outlining steps companies can take after an attack.