U.S. banks would have no longer than 36 hours after finding a cybersecurity breach to flag the issue to their regulators, under a new rule proposed Friday.
The proposal from U.S. banking regulators would direct banks to notify their primary regulator as soon as possible after a breach is discovered that could impair services or the organization itself. In addition, the rule would direct third-party service providers to promptly tell client banks of any breaches that would impair their services.