US regulators order banks to report cyber-attacks within 36 hours


By FintechNews staff

Federal agencies approve cyber-attack rules for US banking system.

The Office of the Comptroller of the Currency (OCC), Board, and the FDIC have jointly announced that banks will be required to notify their primary federal regulator of any significant cyber-security incident as soon as possible, and no later than 36 hours after it has taken place.

The rule also requires banking service providers to notify affected customers as soon as possible if it is deemed that the incident could impact them for four or more hours.

Examples of incidents that need to be reported under the new rule include large-scale distributed denial-of-service attacks that disrupt customer account access to banking services, or computer hacking incidents that take down banking operations for extended periods of time.

“Computer-security incidents can result from destructive malware or malicious software (cyberattacks), as well as non-malicious failure of hardware and software, personnel errors, and other causes,” the Computer-Security Incident Notification Final Rule explains.

“Cyberattacks targeting the financial services industry have increased in frequency and severity in recent years. These cyberattacks can adversely affect banking organizations’ networks, data, and systems, and ultimately their ability to resume normal operations.”

According to a report by Cybersecurity Ventures, total cybercrime costs are projected to reach $10.5 trillion by 2025, as account takeover cases, new account fraud, and other types of cyberattacks continue to rise.
