Banks, Get Ready for New Cybersecurity Regulations


The past few years have wrought significant change in cyber-criminal capability and the inventive solutions created by security experts to counteract their plans. From the Cybersecurity Act of 2021 to more investment in the industry overall, people have been taking notice of how many threats lurk online. As a result, more regulations are being imposed all the time to protect consumers and businesses from the threats that lurk online.

Now, banks are set to experience the next mass cybersecurity reform. This coming spring, American banking institutions will have to meet new standards of transparency and response when it comes to cyber threats.

Improve Reporting and Transparency

Fast action must be taken whenever a breach or corruption is discovered, so you can locate and expel the threat before files are corrupted or stolen. Banks deal with some of the most important and private information that we access through the web: Our money. That’s why they will soon be required to notify significant attacks be reported within 36 hours. They must also notify any customers whose information might have been accessed or compromised in the attack so that they can take their own steps to protect their account as they see fit.

This is a change from previous reporting standards, which only required transparency when it came to the unauthorized access of customer information. Now banks will also have to tell customers about threats that cause general outages, technical issues or disruptions that affect their ability to use the service. All of this is in addition to the expectation that they’ll implement stronger defenses to avoid any of these issues in the first place.

Why These Changes Matter

The overall aim is to get more banks investing in their cybersecurity, however that looks for their particular business. Data breaches are only becoming more common and our financial institutions need the cybersecurity posture to defend against the evolving threat landscape.

Banks currently still face threats from:

  • Unsecured data
  • DDOS or DOS attacks
  • Malware and ransomware
  • Unencrypted third party services
  • Weak passwords
  • Website spoofing
  • Data wiping and/or theft

Opportunities for victimization abound. This is part of the reason why banks are already among the biggest investors in cybersecurity. 95% hire a chief information security officer (CISO) or chief security officer (CSO) already. These institutions also tend to utilize strong cyber insurance policies, in part because financial theft is so rampant. After all, stealing money itself is much faster than hawking stolen goods on the Dark Web.

These new regulations will force banks to improve on their already-tight security to guarantee our finances stay both secure, and easily accessible to us.


Despite current cyber protections and security regulations, increased digitization continues to spur bad actors to invent more complex threats that they can weaponize against businesses like yours. Thus new regulations are coming out, and will continue to evolve, to keep banking institutions and their customers safe from these threats.

As these expectations approach, keep an eye on upcoming regulations to make sure your business is doing its utmost to protect its customers.


Related Posts