China’s top financial regulator proposed new cybersecurity rules for the banking and insurance sectors that would hold top executives accountable for severe network outages and data breaches. The draft rules from the National Financial Regulatory Administration (NFRA) categorize cyber incidents into four tiers based on severity.
Under these regulations, institutions facing “extremely serious” breaches, such as major data leaks or multi-province outages lasting three hours or more, would be required to take immediate remedial action. They must notify users and report to regulators every two hours until the issue is resolved.




