U.S. federal banking regulators have approved a new rule that will require banks to notify regulators no later than 36 hours after a qualifying “computer-security incident” The rule also requires banking service providers to notify at least one bank-designated point of contact at each affected customer banking organization “as soon as possible” Regulators estimate that some 150 notification incidents occurred annually in 2019 and 2020 – though the agencies say that number could increase. One legal expert says the new rule has all the earmarks of design-by-committee and a classic case of ‘do something!'”]
Source: https://www.cuinfosecurity.com/regulators-banks-have-36-hours-to-report-cyber-incidents-a-17959