This is particularly important for financial institutions, he added.
"If I'm a hacker, it's reasonable for me to expect that it will be harder to break into a top-five financial institutions, than into a medium-sized company that provides services to to financial institutions," he said. "And if I get into a vendor that providers access to twelve banks, then I get access to twelve banks' data as opposed to one."
Keller said that he doesn't expect the number of breaches to go down immediately as a result of the new regulations.
"With all due respect to security professionals, I think that it's reasonable to expect reported incidents to go up, only because of the time it takes to go in and make substantial improvements to security controls," he said.
Sign up for Computerworld eNewsletters.