U.S. banking regulators this week approved a rule that obliges banks to report any major cybersecurity incidents to the government within 36 hours of discovery. Major cybersecurity incidents are attacks that impact operations of the victims or the stability of the US financial sector.
The rule was approved by the Federal Reserve, Federal Deposit Insurance Corporation and Office of the Comptroller of the Currency. The rule aims at forcing banks to quickly respond to cybersecurity incidents.
The rule also required financial institutions to notify customers “as soon as possible” if the attack has caused problems lasting four or more hours.
According to the Reuters, the banking industry had successfully completed a massive cross-industry cyber security drill to test the response to a ransomware attack that threatens to disrupt a range of financial services.
(SecurityAffairs – hacking, U.S. banking)