Federal agencies approve cyberattack rules for US banking system
Federal banking regulatory agencies have approved a final rule on how information about cyberattacks should be shared within the US banking system, according to a joint statement released by the Federal Deposit Insurance Corporation (FDIC).
The Office of the Comptroller of the Currency (OCC), the Board of Directors, and the FDIC jointly announced that banks will be required to notify their primary federal regulator of any material cybersecurity incident as soon as possible, and at later 36 hours after that took place.
Notification will be required if the incident is likely to have a significant impact on the viability of a bank’s operations, its ability to provide banking products and services or the stability of the financial sector.
The rule also requires banking service providers to notify affected customers as soon as possible if the incident is believed to affect them for four hours or more.
“The notification requirement for banking service providers is important as banking organizations increasingly rely on third parties to provide essential services,” regulators said in a decision document.
“These third parties may also experience IT security incidents that may disrupt or degrade the provision of services to their banking organization’s customers or have other significant impacts on a banking organization.”
A report from cybersecurity firm OneSpan found that the top compliance challenges facing banks include preventing cyberattacks, protecting sensitive data, and keeping up with changes in consumer privacy laws and industry regulations. ‘industry.
According to a report by Cybersecurity Ventures, the total costs of cybercrime are expected to reach $10.5 trillion by 2025, as cases of account takeover, new account registration fraud and other types of cyberattacks continue to increase.
In September, the Basel Committee on Banking Supervision (BCBS) warned that malicious attackers in space had become “increasingly sophisticated” and had “more access points to banking systems”.