WASHINGTON, Nov 18 (Reuters) – U.S. banking regulators on Thursday finalized a rule that directs banks to report any major cybersecurity incidents to the government within 36 hours of discovery.<\/p>\n
Separately, the banking industry said it had successfully completed a massive cross-industry cyber security drill that aims to ensure Wall Street knows how to respond in the event of a ransomware attack that threatens to disrupt a range of financial services.<\/p>\n
The developments highlight the growing threat large-scale cyber incidents pose to financial stability.<\/p>\n
\u201cThe financial services industry is a top target, facing tens of thousands of cyberattacks each day,” said Kenneth Bentsen, CEO of the Securities Industry and Financial Markets Association, which organized and led the industry drill.<\/p>\n
The new bank rule stipulates that banks must notify their primary regulator of a significant computer security breach as soon as possible, and no later than 36 hours after discovery.<\/p>\n
Banks also must notify customers as soon as possible of a cybersecurity incident if it results in problems lasting more than four hours.<\/p>\n
Source: Reuters<\/p>\n