Banks in the U.S. will be required to notify regulators within the first 36 hours after an organization suffers a qualifying “computer-security incident” The regulation was first passed in November 2021. Financial services and institutions are one of the most targeted sectors by global cyber adversaries. The rule was passed by a collective of regulators, including the Federal Deposit Insurance Corp., the Board of Governors of the Federal Reserve System, and the Office of the Comptroller of the Currency. Most banks have already been conditioned to a 72-hour reporting window through the New York Department of Financial Services cybersecurity regulation.”]
Source: https://www.cuinfosecurity.com/new-us-breach-reporting-rules-for-banks-take-effect-may-1-a-18998