Russia’s Ukraine invasion significantly elevates cyber risk for the U.S. financial sector, which should fully comply with the New York State Department of Financial Services’ cybersecurity regulations, the department said in a warning issued last week.
The industry guidance says Russia’s ongoing cyberattacks against Ukraine could spill over and damage networks outside of the country, as has happened in the past.
Escalating tensions also increase the risk that Russian threat actors will directly attack U.S. critical infrastructure in retaliation for sanctions or other steps taken by the U.S. government, the department said in its guidance.
The department said steps companies should take, pursuant to its cybersecurity regulation and subsequent guidance, include:
- Review programs to ensure full compliance, with particular attention to core cybersecurity hygiene measures.
- Review, update and test incident response and business continuity planning.
- Review the department’s June 2021 ransomware guidance and implement any practices not already in place.
- Reevaluate plans to maintain essential services.
- Conduct a full test of the ability to restore from backups.
- Provide additional cybersecurity awareness training.
The department also recommends that regulated entities track guidance and alerts from the federal Cybersecurity and Infrastructure Security Agency and Information Sharing and Analysis Centers.
Russia’s invasion of Ukraine will have a substantial impact on the global insurance industry in the near- to midterm and could drive cyber rates higher in the already-hardening market, ratings agency A.M. Best Co. said in a report issued late Friday.