Fed official: banks must recover from cyber attack in two hours

“If you’re waiting for us to give you regulation, you’re behind the curve,” says Fed’s Ferlazzo

Cyber countdown
Critics claim the two-hour RTO is unreasonable

Financial institutions should be capable of a two-hour return to operations (RTO) following a cyber attack, a senior banking supervisor said on Tuesday (June 20).

The two-hour RTO was contained in an advanced notice of proposed rulemaking issued in November 2016 by the Fed and two other US prudential regulators – the Office of the Comptroller of the Currency and the Federal Deposit Insurance Corporation.

Regulators are still considering whether to impose the two-hour RTO despite criticisms

Only users who have a paid subscription or are part of a corporate subscription are able to print or copy content.

To access these options, along with all other subscription benefits, please contact [email protected] or view our subscription options here: http://subscriptions.risk.net/subscribe

You are currently unable to copy this content. Please contact [email protected] to find out more.

Sorry, our subscription options are not loading right now

Please try again later. Get in touch with our customer services team if this issue persists.

New to Risk.net? View our subscription options

If you already have an account, please sign in here.

To continue reading...

You need to sign in to use this feature. If you don’t have a Risk.net account, please register for a trial.

Sign in
You are currently on corporate access.

To use this feature you will need an individual account. If you have one already please sign in.

Sign in.

Alternatively you can request an individual account here: