Banks ordered to promptly flag cybersecurity incidents under new rule

A 3D-printed Cyber word standing on PC motherboard is seen in this illustration picture, October 26, 2017. REUTERS/Dado Ruvic

WASHINGTON, Nov 18 (Reuters) - U.S. banking regulators finalized a rule on Thursday that directs banks to report any major cybersecurity incidents to the government within 36 hours of discovery.

The rule stipulates that banks must notify their primary regulator of a significant computer security breach as soon as possible, and no later than 36 hours after its discovery.

Banks also must notify customers as soon as possible of a cybersecurity incident if it results in problems lasting more than four hours.

Reporting by Pete Schroeder
Editing by Chris Reese

Our Standards: The Thomson Reuters Trust Principles.

Comments are closed.