The central bank said it is proposing introducing mandatory reporting of material cyber incidents with 72 hours of detection, reporting of all cyber incidents periodically even if they are not material, and a regular survey on cyber resilience.
The central bank is currently seeking feedback on the proposal before deciding whether to implement the new rules.
RBNZ Director of Prudential Policy Kate Le Quesne said collection of this information will improve the bank’s understanding of cyber resilience in the financial sector.