Press Release

33 Percent of Financial Institutions Have Not Tested Their Cybersecurity Incident Response Plan

CHICAGO (Feb. 15, 2018) – A flash poll conducted by Baker Tilly Virchow Krause, LLP (Baker Tilly) indicates nearly one-third of financial institutions have yet to test their cybersecurity incident response plan. Section 500.16 of the New York State Department of Financial Services’ (NYS DFS) Cybersecurity Law requires covered entities to establish a written incident response plan. Testing of the plan, while voluntary, raises an organization’s level of preparedness if and when a cybersecurity event occurs.

“Having an incident response plan established indicates to an organization’s stakeholders the proper processes are in place to respond to a cybersecurity incident,” Christopher Tait, MBA, CISA, CFSA, CCSK, HITRUST CCSFP, principal with Baker Tilly’s financial services risk practice, said. “However, testing the plan demonstrates to stakeholders that an organization can execute on its processes when an incident occurs.”

“By creating live action scenarios, an organization is able to identify gaps where improvements are needed so everyone in the institution is fully prepared when a real incident occurs,” Russ Sommers, CPA, CISA, senior manager with Baker Tilly’s financial services risk practice, said.

Baker Tilly recently held an educational webinar, “The NYS DFS cybersecurity law: Implementation lessons learned,” to help financial institutions understand best practices for complying with the regulation’s remaining compliance requirements.

The webinar presenters discussed:

  • Practical application of the NYS DFS cybersecurity law along the compliance timeline
  • Building a sustainable risk assessment process and how to apply the results of the risk assessment to the cybersecurity program
  • Building a governance structure based on the people, process and technology

About Baker Tilly US, LLP

Baker Tilly US, LLP (Baker Tilly) is a leading advisory, tax and assurance firm whose specialized professionals guide clients through an ever-changing business world, helping them win now and anticipate tomorrow. Headquartered in Chicago, Baker Tilly, and its affiliated entities, have operations in North America, South America, Europe, Asia and Australia. Baker Tilly is an independent member of Baker Tilly International, a worldwide network of independent accounting and business advisory firms in 145 territories, with 34,700 professionals. The combined worldwide revenue of independent member firms is $3.6 billion. Visit or join the conversation on LinkedIn, Facebook and Twitter.