Experts Blog

Fortalice Client Advisory: New Bank Cybersecurity Incident Reporting Rules
August 12, 2022
Fortalice Solutions

From the Desk of the CEO,

In case you missed it, banking organizations now have several new rules to follow with respect to cybersecurity incident reporting. As of May 1, banks are now required to notify their primary Federal regulator of any qualifying ‘‘computer-security incident’’ within 36 hours.

This final rule – penned by the Department of the Treasury Office of the Comptroller of the Currency, the Board of Governors of the Federal Reserve System, and the Federal Deposit Insurance Corporation – also requires banking organizations to notify customers “as soon as possible” if such incidents cause (or are likely to cause) four or more hours of material disruption or degraded service.

While this new rule is a necessary step toward greater security in our financial system, your existing resources, including your personnel, might not be currently prepared or equipped to keep up. 

What You Should Do Right Now

To quickly meet the new strict timeframe, Fortalice first recommends that all banking organizations review the new rule passed by the collective of U.S. regulators:

Additionally, we strongly urge you to take a comprehensive review of your incident response plans (IRPs) to determine your organization’s current cybersecurity event reporting requirements. These requirements include your mandatory reporting timeframe, who you’re reporting to, and what information you must share.

How Fortalice Can Help

If this new rule and its various requirements have your head spinning and you need more thorough guidance, the Fortalice team is at your service:

  • Updating Incident Response Plans: Our Custom Solutions team is highly skilled in weaving policy requirements into our clients’ incident response plans, so you’ll never be concerned that your organization is missing the mark. 
  • Test Your Incident Readiness: The Fortalice Strategic Communications team is ready to help you test out your updated IRPs through tailored tabletop exercises that fit your organization’s ever-expanding and continuously evolving security needs.

For additional information on Fortalice Solutions service offerings, contact the team via email at

Be healthy. Be safe. Be well.

Theresa Payton


Let's Talk
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.