Skip to content

U.S. Banks Must Report Hacks Within 36 Hours, New Rule Says


Source: Getty Images

Banks must report major cyberattacks to regulators within 36 hours if the incident is likely to disrupt their business, according to a new rule from U.S. regulators.

Any “computer security incident” that threatens a lender’s operations, services to customers or the stability of the financial system has to be disclosed to the bank’s primary government watchdog, according to a rule issued on Thursday that is set to go live on May 1.