Financial-sector groups urge regulators to revamp 36-hour cyber incident reporting proposal

Groups from the financial sector are offering qualified support for a proposed new federal cyber incident-reporting rule, saying in joint comments to banking regulators it would formalize “a voluntary practice that already exists,” while calling on officials to revamp the threshold for notification and limit it to events that cause “actual” harm, among other changes to a proposal issued in January.

“While we support the policy goals of the proposed rule, we believe that, as currently drafted, the proposed rule...