The May 1 change to banks’ cyber-notification process is fast approaching. As we wrote previously the OCC, FDIC, and Federal Reserve Board implemented a final rule under which banks and their service providers must notify their primary federal regulators within 36 hours of certain incidents. A notification incident that triggers this requirement is defined as a computer security incident that materially disrupts a banking organization’s operations or lines of business. Thus not all incidents will meet these levels. For those that do, banks will need to be prepared. Part of that is having the right points of contact, which include:
Continue Reading On the Clock: Cyber Incidents Notification Deadline Approaching for Banks
