October 14, 2024

By Richard I. Simon, Esquire, and Steven W. Teppler, Esquire


Attorneys from Mandelbaum Barrett PC explore how the rising cyber threats and stringent regulations facing lenders and the essential strategies for developing robust cybersecurity programs, safeguarding data, and maintaining regulatory compliance in a rapidly changing landscape.

The lending industry, encompassing both traditional banks and non-traditional financial institutions, has become a prime target for cyber-attacks. These attacks range from sophisticated phishing schemes to ransomware assaults, posing significant risks not only to financial assets but also to sensitive customer data. The increasing frequency and severity of these cyber threats have prompted regulatory bodies to impose stringent cybersecurity requirements. Lenders must navigate these regulations to maintain defensible compliance and avoid substantial civil and regulatory penalties.

Challenges Facing the Lending Industry Evolving Threat Landscape:
Cyber threats are continually evolving, with attackers employing increasingly sophisticated techniques. Traditional lenders, such as banks, and nontraditional lenders, including fintech companies, are both at risk. The diversity of these attacks, ranging from data breaches to malware, makes it difficult for lenders to stay ahead.

Complex Regulatory Environment: Lenders must comply with various federal and state regulations designed to protect consumer data and ensure cybersecurity. Key regulations include:

Gramm-Leach-Bliley Act (GLBA): This federal law mandates that financial institutions explain their information-sharing practices to their customers and safeguard sensitive data. Key requirements include developing a comprehensive information security program, conducting risk assessments, and implementing safeguards to protect customer information. Additionally, institutions must provide annual privacy notices to customers and ensure that third-party service providers maintain appropriate security measures.

New York Department of Financial Services (DFS) Part 500: This regulation requires financial services companies to establish and maintain a cybersecurity program designed to protect consumers and ensure the safety and soundness of the state’s financial services industry.

Click here to continue reading.

About the Author

Richard Simon is a shareholder, co-chair of Mandelbaum Barrett PC’s Banking and Financial Services Practice Group, and Partner in Charge of the New York Office. With over 30 years of legal experience, he specializes in commercial lending, including asset-based lending, factoring, trade finance, and finance litigation. Simon advises clients on business structure, planning, finance, corporate governance, cybersecurity, and privacy issues.

Steven W. Teppler is a partner, chair of Mandelbaum Barrett PC’s Privacy and Cybersecurity Practice Group, and Chief Cybersecurity Legal Officer. He focuses on cybersecurity and privacy work, advising on potential class action and mass tort liability related to security vulnerabilities and code defects.