Federal agencies approve cyberattack rules for U.S. banking system
Federal banking regulatory agencies have approved a final rule on how cyber attack information should be shared within the U.S. banking system, according to a joint statement issued by the Federal Deposit Insurance Corporation (FDIC).
The Office of the Comptroller of the Currency (OCC), the Council and the FDIC jointly announced that banks will be required to notify their primary federal regulator of any significant cybersecurity incident as soon as possible, and no later than 36 hours thereafter. it happened.
Notification will be required if the incident is likely to have a significant impact on the viability of a bank’s operations, its ability to provide banking products and services, or the stability of the financial sector.
The rule also requires banking service providers to notify affected customers as soon as possible, if it is estimated that the incident could affect them for four hours or more.
“The notification obligation for banking service providers is important as banking organizations increasingly depend on third parties to provide essential services”, regulators said in a decision document.
“These third parties may also be confronted with IT security incidents that could disrupt or degrade the provision of services to customers of their banking organization or have other significant impacts on a banking organization. “
A report by cybersecurity firm OneSpan found that the main compliance challenges facing banks included preventing cyber attacks, protecting sensitive data, and tracking changes in consumer privacy laws and regulations. ‘industry.
According to a report by Cybersecurity Ventures, the total costs of cybercrime are expected to reach $ 10.5 trillion by 2025, as account takeovers, new account fraud and other types of cyber attacks continue. to increase.
In September, the Basel Committee on Banking Supervision (BCBS) warned that malicious attackers in space had become “more and more sophisticated” and had “more points of access to banking systems”.