In the case of computer security companies, they ought to thank the bureaucrats at the New York Department of Financial Services, and their counterparts in the European Union.In the last 12 months, both institutions approved sweeping new security rules for banks, insurance companies and other financial institutions. The point of the new rules is to keep hackers out of their computer systems and protect customers’ information.The impact will be far-reaching in powerful but subtle ways

The First of Their Kind

pixelcreatures / Pixabay

The new rules are the first of their kind, mandating cybersecurity and prescribing specific ways that banks need to handle their data. But they also increase the kinds of companies that need to think more seriously about the task.

In other words, it’s not just banks, insurance companies and credit card companies that have to focus on cybersecurity. It’s also…

  • Mortgage brokers.
  • Property title insurers.
  • Check cashing companies.
  • Payday lenders.
  • Money wiring firms.
  • Virtual currency companies.
  • Encryption services.

And that’s just for starters.

Safety Isn’t Cheap

Financial companies have been “hashing out” important personal data in their digital files — rendering it unintelligible — for many years.

But the new rules require financial companies to encrypt all “nonpublic information,” regardless of whether it’s “held or transmitted” by the bank.

Likewise, encryption is required for the data “both in transit over external networks and at rest.” (The EU’s rules, put in place last year, are similar.)

That’s a big change. And it means financial companies will need to increase their spending on encryption products.

The new rules also require banks and other financial companies to be able to detect and respond to a hacking attempt. That’s another big adjustment, and it means more spending too.

Why bother adding this requirement? Well, you may remember when hackers stole the credit card data from millions of Target’s customers in 2013. The intruders were able to roam inside Target’s network for days without detection thanks to the use of stolen network credentials.

Lastly, there’s the follow-on effect as regulators elsewhere take notice of the new rules in New York and the European Union. They’re determined to put their own rules in place mandating that financial companies up their spending for online security.

The point is, cybersecurity spending was already on the way up. The new online security rules for financial companies operating in New York state and the EU raise the notch even further.

One way that you can profit from these new rules is to buy the First Trust Nasdaq Cybersecurity ETF (Nasdaq: CIBR). This exchange-traded fund includes some of the leading companies in the cybersecurity industry.