U.S. regulators have approved a rule to require banks to report major cyber incidents within 36 hours.
The rule, dubbed the Computer-Security Incident Notification Requirements for Banking Organizations and Their Bank Service Providers, was cemented by the Office of the Comptroller of the Currency, Board of Governors of the Federal Reserve System and the Federal Deposit Insurance Corporation. There is currently no specific window that banks must repot such incident to the agencies in question.
Check It Out: Rule Approved: Banks Must Report Cyber Attacks Within 36 Hours