US federal bank regulatory agencies have finalised a new rule that requires banking firms to report cybersecurity incidents to the regulator within 36 hours of discovery.

The Board of Governors of the Federal Reserve System, Federal Deposit Insurance Corporation and Office of the Comptroller of the Currency have approved the final rule.

In a joint release, the agencies said: “The final rule requires a banking organization to notify its primary federal regulator of any significant computer-security incident as soon as possible and no later than 36 hours after the banking organization determines that a cyber incident has occurred.”

Additionally, lenders are required to inform the customers of affected organisations about the cybersecurity incident if it can impact them for four hours or longer.

The new rule is aimed at helping authorities mitigate the risks that cyber incidents pose to the banking and financial system.

“This requirement will help promote early awareness of emerging threats to banking organizations and the broader financial system. This early awareness will help the agencies react to these threats before they become systemic,” the agencies added.

Meanwhile, the industry trade group Securities Industry and Financial Markets Association (SIFMA) said that it completed a global industry-wide cybersecurity exercise.

The exercise, called Quantum Dawn VI, simulated a ransomware attack to allow financial firms, central banks, and data sharing firms, among others, to rehearse their response in the event of a cyberattack.

SIFMA president and CEO Kenneth Bentsen said: “A clear takeaway from the exercise is the importance of a robust partnership between the industry and government grounded in information sharing. No single actor – not the government, nor any individual firm – has the resources to protect markets from cyber threats on their own, nor do cyber incidents restrict themselves to one geographic region.”