US banks are resisting a recent SEC ruling that mandates the disclosure of cyber attacks, citing added strain and complexity to their operations.
The rule requires public companies to disclose cyber incidents, including impact and scope, within a short timeframe, potentially before internal investigations are completed.
Banks argue that the additional disclosure obligations could escalate pressure during ransomware attacks and be leveraged by attackers for extortion.
In response, the banking group has lobbied for extensions to data protection and cybersecurity requirements. Australia, meanwhile, has implemented a similar rule mandating disclosure of ransomware payments within 72 hours for organizations above a certain turnover.