US banks harbor concerns over agencies’ cyber risk rule

The lack of a reporting template means “people can give the least amount of data possible”, warns a bank CISO, stymieing data sharing.

Reporting cyber attack

Sometimes it does take a sledgehammer to crack a nut. US prudential regulators have finalized a rule requiring banks to report major cyber incidents within 36 hours—a move they hope will help them intervene earlier on attacks that could affect the financial sector as they unfold.

But the rule doesn’t specify how and in what form the information is to be reported—nor does it precisely indicate how regulators will use the information they gather—leaving banks with unanswered questions.


Only users who have a paid subscription or are part of a corporate subscription are able to print or copy content.

To access these options, along with all other subscription benefits, please contact or view our subscription options here:

You are currently unable to copy this content. Please contact to find out more.

Sorry, our subscription options are not loading right now

Please try again later. Get in touch with our customer services team if this issue persists.

New to Waterstechnology? View our subscription options

The IMD Wrap: Will banks spend more on AI than on market data?

As spend on generative AI tools exceeds previous expectations, Max showcases one new tool harnessing AI to help risk and portfolio managers better understand data about their investments—while leaving them always in control of any resulting decisions.

You need to sign in to use this feature. If you don’t have a WatersTechnology account, please register for a trial.

Sign in
You are currently on corporate access.

To use this feature you will need an individual account. If you have one already please sign in.

Sign in.

Alternatively you can request an individual account here