The Impact of New Federal Banking Regulation
Let’s talk about the new federal bank regulation that goes into effect in April 2022.
It will require organizations to give notice of a breach within 36 hours, which is the shortest breach notification requirement of any law to date.
The clock starts ticking when the organization determines that an incident has occurred.
A serious computer incident is usually defined as an incident that materially disrupts or degrades the performance of an organization.
I believe that this rule will introduce more transparency around breach events. (However, what constitutes a breach is not yet well defined.)
My recommendation for organizations is to ensure that they have a continuous and fast detection capability to detect any incident quickly.
To do that, I strongly advise getting a retainer with a pre-breach and post-breach forensics firm.
If you do face the unfortunate situation where you experience a material incident, you need to know who to call immediately so that you can dispatch experts on-site to:
- diagnose the root cause and fix it
- work with lawyers and counsel to prepare the case
Overall, I do believe that this heightened and accelerated reporting requirement will lead to organizations building more cyber resilience.
SecurityScorecard is the global leader in cybersecurity ratings and the only service with over 12 million companies continuously rated. The company is headquartered in New York and operates in 64 countries around the globe.