Financial regulatory agencies in the USA passed a bill requiring banks to report to government security authorities within 36 hours when they are targeted by cyber attacks.

Banking institutions will need to report when the cyber attacks are successful or have a potential impact on their customers' investments, or stop them for at least four hours. In a situation similar to the stipulations of the General Data Protection Law (LGPD), here in Brazil, if the attack affects the accounts or data of registered people, they must also be notified.


The decision is directly linked to the growing threats coming from cyberspace. With banks forced to report attacks, security authorities and financial institutions will establish more protective measures, which in turn should make it more difficult for these attacks to recur.

“Cyberattacks aimed at the financial services industry have increased in frequency and severity in recent years. These cyber attacks can adversely affect banking organizations' networks, data, systems, and as a consequence, their ability to return to normal operations,” says the project.

DDoS and other cyber attacks on banks must be reported

The law stipulates that these requirements must take effect from April 2022 for government banking institutions, with an extension to May of the same year for the market. In the US, banks will need to report cyber attacks such as distributed denial of service (DDoS), ransomware and other system breaches.

“Computer security incidents can result from destructive malware or malicious software (cyberattacks), as well as malicious failures caused in hardware and software, personal errors, among other causes”, explains the Final Law on Notification of Computer Security Incidents.
