skip to main content


Technology, Risk & Compliance

Cyber attacks are more common than ever in our internet-driven world. Our approach to cybersecurity utilizes a 360° view that includes people, processes, and technology.


July 29, 2019


Managing cyber risk is a challenge, especially for companies in financial services. This is in part because cyber risk is generally approached differently from traditional risk. For example, in cyber risk management it is acceptable to describe risk using words, such as risk profile and risk tolerance, instead of numbers, which are simpler. Cyber risk experts measure the success of their standards and frameworks based on whether there is an identifiable vulnerability in their defenses.

At times it seems that the only group with a simplified cyber model are the adversaries. They have a relatively straightforward process: find the weakness, wait patiently and then monetize stolen assets.

The New York State Department of Financial Services has determined cyber to be the No. 1 threat within its jurisdiction and made cybersecurity compliance certification mandatory for financial services firms as of March 1, 2019. A company deemed to be a “covered entity” must have a cybersecurity program that has written policies and procedures to protect itself. While the agency provides ample material outlining these regulations, it offers minimal direction in how to lower cyber risk.

Reducing this risk requires a direct proportional relationship between risk measurement and costs. Here are six steps that financial services firms in New York should consider in regard to lowering their risk profile.

Read the full article written by Warren Zafrin in Crain’s New York Business.

Hide Firm Disclaimer


UHY LLP is a licensed independent CPA firm that performs attest services in an alternative practice structure with UHY Advisors, Inc. and its subsidiary entities. UHY Advisors, Inc. provides tax and business consulting services through wholly owned subsidiary entities that operate under the name of "UHY Advisors." UHY Advisors, Inc. and its subsidiary entities are not licensed CPA firms. UHY LLP and UHY Advisors, Inc. are U.S. members of Urbach Hacker Young International Limited, a UK company, and form part of the international UHY network of legally independent accounting and consulting firms. "UHY" is the brand name for the UHY international network. Any services described herein are provided by UHY LLP and/or UHY Advisors (as the case may be) and not by UHY or any other member firm of UHY. Neither UHY nor any member of UHY has any liability for services provided by other members.

On this website, (i) the term "our firm", "we" and terms of similar import, denote the alternative practice structure conducted by UHY LLP and UHY Advisors, Inc. and its subsidiary entities, and (ii) the term "UHYI" denotes the UHY international network, in each case as more fully described in the preceding paragraph.