It’s been a year that millions of US credit and debit cards have been prominently hacked, and now one of the top regulators of the country’s financial system is concerned that the prospect of such cyber event is one of the most significant issues that need to be addressed as soon as possible.

New York State Department of Financial Services has recently pushed for harsher fines and executive accountability for banks, especially highlighting Standard Chartered and BNP Paribas. According to the agency, the technological vulnerabilities of the financial system represent a pressing and potentially catastrophic problem. The fears are that the system can face a kind of major cyber event, dubbed an “Armageddon-type” cyber event.

New York State Department of Financial Services explained that other regulators also consider “concrete actions” to encourage financial institutions to be vigilant, including a cyber insurance fund which could help them cover some liability in case they step up their Internet security. Although a current private market for such insurance does exist, it is so small as to be negligible.

In the meantime, the regulator still discusses the form of the incentives, saying that a number of people will have to bear the cost of tighter cybersecurity: shareholders, customers and taxpayers. Within the past twelve months, a number of prominent US companies saw hackers stealing their customers’ credit card data. For example, such companies as Target, Home Depot and JP Morgan all suffered significant data breaches.

It should be mentioned that in all cases, the attacks were not only very massive, but also lasted for several months. For instance, Home Depot suffered a 5-month attack on its data systems, which compromised 56 million credit cards. The largest attack was on Target, which compromised 40 million cards. Finally, the attack on JP Morgan continued all summer without the bank’s knowledge. The security experts suggest that the attacks will only get more prevalent and harder to capture.

New York State Department of Financial Services also discussed its thoughts around fines on RBS, Standard Chartered and BNP Paribas, arguing that holding “a few bad apples” accountable is a key method. The matter is that if individuals are not held accountable, the full effects of deterrence are not achieved. For example, banks often use this individual approach in order to punish wrongdoing that might otherwise wrap up the entire company.

The RBS case proved that just damning the entire company is actually often counterproductive, as it makes it look like the whole company was to blame. In addition, in most cases the fines are picked up by shareholders or customers or whoever the costs are passed along. Finally, the agency explained its decision to go after Standard Chartered a second time, after installing a monitor inside the company after its first $667 million fine for helping alleged money-laundering.