TOPIC: Exam Prep

Cyber Event Reporting

Manager at a bank ($287M, USA)
Our bank ran into an exam issue because we filed our first cyber event SAR. Our state examiners cited non-compliance with FIL-27-2005, which states "Notifying its primary regulator as soon as possible when the institution becomes aware of an incident involving unauthorized access to or use of sensitive customer information". Given that this was our first problem of this type, does anyone have any procedures that we might use to enhance our incident response plan? Also, given that this guidance is so old, has the standard "as soon as possible" changed? I think there was a recent letter outlining a possible change to a specific timeframe, due to the lengthier process for a SAR filing. Any information that is shared would help! Thank you.