Ransomware Is On The Rise, The US Government Makes Regulations On Reporting Cyber Attack Incidents In Banking

The rise of ransomware and cyber crime has made the US government even more vigilant. (photo credit: pixabay)

JAKARTA - US banking regulators on Thursday, November 17 finalized a rule directing banks to report major cybersecurity incidents to the government within 36 hours of being discovered.

Separately, the banking industry also said it had successfully completed a massive cross-industry cybersecurity exercise aimed at ensuring Wall Street knows how to respond in the event of a ransomware attack that threatens to disrupt financial services around the world, particularly in the US.

These developments highlight the growing threat posed by large-scale cyber incidents to financial stability. This is clearly dangerous for the US economy.

"The financial services industry is a prime target, facing tens of thousands of cyberattacks every day," said Kenneth Bentsen, CEO of the Securities Industry and Financial Markets Association, which organized and led the industry exercise.

New bank rules stipulate that banks must notify their main regulator of a significant computer security breach as soon as possible, and no later than 36 hours after it is discovered.

Banks must also notify customers as soon as possible about a cybersecurity incident if it results in a problem lasting more than four hours.

These new requirements apply to any cybersecurity incident that is expected to have a material impact on a bank's ability to provide services, carry out its operations, or undermine the stability of the financial sector. This rule is approved by the Federal Reserve, the Federal Deposit Insurance Corporation, and the Office of the Comptroller of Currency in the US.

This policy sets explicit expectations about how quickly banks should make cybersecurity breaches known, as regulators seek to pursue the rapidly evolving role of technology in every type of banking service. Previously, there were no specific requirements on how quickly banks had to report major computer breaches.