Insider Intelligence delivers leading-edge research to clients in a variety of forms, including full-length reports and data visualizations to equip you with actionable takeaways for better business decisions.
In-depth analysis, benchmarks and shorter spotlights on digital trends.
Learn More
Interactive projections with 10k+ metrics on market trends, & consumer behavior.
Learn More
Proprietary data and over 3,000 third-party sources about the most important topics.
Learn More
Industry KPIs
Industry benchmarks for the most important KPIs in digital marketing, advertising, retail and ecommerce.
Learn More
Client-only email newsletters with analysis and takeaways from the daily news.
Learn More
Analyst Access Program
Exclusive time with the thought leaders who craft our research.
Learn More

About Insider Intelligence

Our goal at Insider Intelligence is to unlock digital opportunities for our clients with the world’s most trusted forecasts, analysis, and benchmarks. Spanning five core coverage areas and dozens of industries, our research on digital transformation is exhaustive.
Our Story
Learn more about our mission and how Insider Intelligence came to be.
Learn More
Rigorous proprietary data vetting strips biases and produces superior insights.
Learn More
Our People
Take a look into our corporate culture and view our open roles.
Join the Team
Contact Us
Speak to a member of our team to learn more about Insider Intelligence.
Contact Us
See our latest press releases, news articles or download our press kit.
Learn More
Advertising & Sponsorship Opportunities
Reach an engaged audience of decision-makers.
Learn More
Browse our upcoming and past events, recent podcasts, and other featured resources.
Learn More
Tune in to eMarketer's daily, weekly, and monthly podcasts.
Learn More

US banks’ cybersecurity reporting mandate could empower consumers and increase their digital trust

The news: Banks in the US face new reporting requirements of major cybersecurity incidents to regulators and consumers, per a new rule adopted by three regulators.

More on this: The rule obligates banks to inform their primary federal regulator about significant incidents within 36 hours of their determination that they took place.

  • Covered incidents are those that materially impact—or are likely to impact—banks’ operations, the financial sector’s stability, or banks’ service-delivery capabilities.
  • The consumer-reporting component mandates disclosure “as soon as possible” for any incident that materially affects consumers, or is likely to make an impact, for at least four hours.
  • Cyber incidents that the regulators are concerned about include using malware, mistakes made by banking personnel, and “non-malicious” software or hardware failures.

The regulation was green-lit by the Office of the Comptroller of the Currency (OCC), the Federal Reserve, and the FDIC. It takes effect on April 1, 2022, and banks must comply by May 1, 2022.

The rationale: Banks and their customers are increasingly on the receiving end of cyber attacks. The rule’s overview cites US Treasury Department data showing that the number of related Suspicious Activity Reports has ballooned, going from 1,221 in 2018 to 20,086 in 2020.

Regulators outlined how they want the rule to improve their responses to cyber attacks through:

  • Faster awareness and better threat assessments.
  • Being able to offer banks guidance sooner.
  • Moving quicker to approve banks’ requests for help from the Treasury Department’s Office of Cybersecurity and Critical Infrastructure Protection.

The big takeaway: The requirements mandate transparency, which could improve consumers’ trust in their banks and empower them to take steps sooner to reduce personal data risks.

The changes will also result in quicker action from officials to squelch any spread in the severity of cyber attacks.In some recent incidents, customers have been kept in the dark for for a week or more:

  • First Horizon took about two weeks in April 2021 before it disclosed a breach involving access to accounts and the theft of customers’ funds.
  • Capital One waited 10 days in July 2019 before revealing a data breach for the personal information of credit-card applicants.
  • Flagstar Bank learned in January 2021 that a vendor, Accellion, had a vulnerability on its platform. However, the bank didn’t notify customers until March 2021.

Banks with lagging cybersecurity disclosures risk undermining the trust of their customers, which is bad for business. For example, our 2021 Banking Digital Trust Report shows that security was the highest-rated of six factors for respondents’ determinations of trust, with 78.7% marking it as “extremely important.”

Respondents with above-average digital trust were also likelier to patronize their banks than those with below-average trust:

  • They are more likely to open their next accounts or products with their current bank, with 38.8% to just 21.3% for the below-average group.
  • Above-average trust respondents were also more likely to have multiple accounts with their bank, at 37.1% to 28.3%.