Banks ordered to promptly flag cybersecurity incidents under new U.S. rule
WASHINGTON, Nov 18 (Reuters) – U.S. banking regulators on Thursday finalized a rule that directs banks to report any major cybersecurity incidents to the government within 36 hours of discovery.
Separately, the banking industry said it had successfully completed a massive cross-industry cyber security drill that aims to ensure Wall Street knows how to respond in the event of a ransomware attack that threatens to disrupt a range of financial services.
The developments highlight the growing threat large-scale cyber incidents pose to financial stability.
“The financial services industry is a top target, facing tens of thousands of cyberattacks each day,” said Kenneth Bentsen, CEO of the Securities Industry and Financial Markets Association, which organized and led the industry drill.
The new bank rule stipulates that banks must notify their primary regulator of a significant computer security breach as soon as possible, and no later than 36 hours after discovery.
Banks also must notify customers as soon as possible of a cybersecurity incident if it results in problems lasting more than four hours.
Source: Reuters