Banking regulators in the US recently finalized a rule requiring banks to report any major cybersecurity incident to the government after 36 hours of discovery.
The rule is opposed by the Federal Reserve, the Federal Deposit Insurance Corporation, and the Office of the Comptroller of the Currency, as well as by any cybersecurity incident that could potentially impair a bank’s ability to operate and provide services or adversely affect the stability of the financial sector.
The new rule explicitly requires banks to notify their primary regulator of a significant computer security breach as soon as possible and no later than 36 hours after its discovery.
Banks are also instructed to notify customers of a cyber security incident as soon as possible if it causes operational problems lasting more than four hours.
In addition, the banking industry has successfully completed a major cross-industry cyber security exercise designed to ensure that Wall Street is prepared for incidents involving a ransomware attack that could potentially cause widespread disruption to financial services.
These latest developments highlight the growing threat posed by major cyber incidents to the financial sector.
For more information, you may view the original story from Reuters.
