US Banks Will Report Significant Cybersecurity Incidents Within 36 hours
U.S. financial regulators will require banking organizations to report any significant cybersecurity incident within 36 hours of discovery
26 November 2021
According to the TechCrunch report starting from April 1, 2022 U.S. banks will have to inform their primary federal regulator “about incidents that have — or are reasonably likely to materially affect — the viability of their operations, their ability to deliver products and services, or the stability of the U.S. financial sector”, says the report. Those incidents could include “large-scale distributed denial of service (DDoS) attacks that disrupt customer access to banking services, or computer hacking incidents that disable banking operations for extended periods of time”.
The final rule, got approved by the Federal Deposit Insurance Corporation (FDIC) in a response to the increasing amount of cybersecurity attacks targeting financial services. “Cyberattacks targeting the financial services industry have increased in frequency and severity in recent years. These cyberattacks can adversely affect banking organizations’ networks, data, and systems, and ultimately their ability to resume normal operations,” the post quotes FDIC statement.
Read more: US banks must soon report significant cybersecurity incidents within 36 hours by Carly Page