New proposed rule on security incident notification in financial services sector should be applied universally

Summary

The new rule proposed by the US Comptroller of the Currency, the Federal Reserve System, and the Federal Deposit Insurance Corporation expands the current requirements banking organizations and bank service providers have to follow when a security incident rises to the level of a “notification incident”. A security incident refers to any event that violates security policies, procedures, or acceptable use policies, or results in actual or potential harm to the confidentiality, integrity, or availability of an information system.

According to the rule, “this notification requirement is intended to serve as an early alert to a banking organization's primary federal regulator and is not intended to provide an assessment of the incident”.

Analysis

The new rule is a step in the right direction for cyber risk transparency in the financial services sector. The sector is both critical infrastructure and a prime target for hackers. It is also one of the best-performing sectors from a cyber governance perspective.

But such disclosure requirements (just like earlier cyber regulation from the New York Department of Financial Services) should not be limited to the financial services sector. Such regulation should be applied across all industry sectors. Digital technology is as critical to the functioning of industrial and healthcare companies as it is to banks. Therefore, the regulatory efforts to strengthen transparency around cyber risk should also be broadly applied in order to incentivize a larger cross-section of companies to improve security and lower growing systemic risks.
