"Banks Must Report Major Cyber Incidents Within 36 Hours Under Finalized Regulation"
Banks must report major cybersecurity incidents to federal officials within 36 hours under a rule that U.S. financial regulators finalized on Thursday. Beginning in May 2022, financial executives will need to be more forthcoming about computer system failures and interruptions, such as ransomware or denial-of-service attacks that have the potential to disrupt customers’ ability to access their accounts or impact the larger financial system. The rule is dubbed the Computer-Security Incident Notification Requirements for Banking Organizations. One Bank CEO stated that the financial services industry is a top target, facing tens of thousands of cyberattacks each day. The Bank CEO noted that enhanced harmonization of regulatory standards and supervision to reduce the amount of duplicative or redundant rules would help enable firms to devote more resources to security and better protect investors.