Regulators order banks to brace for cyberattacks

Big banks will have to toughen up their cybersecurity practices to protect customers against attacks, according to proposed new regulations.

Under the new rules, banks would have to employ the most effective controls available and be able to recover from a cyberattack within two hours. The proposals, released Wednesday by the Federal Reserve, FDIC and the Comptroller of the Currency, will focus on the 35 or so banks that have assets of more than $50 billion.

Banks will get several months to comment on the rules, which could be finalized in January.

"Covered entities would be required to be capable of operating critical business functions in the face of cyber-attacks," the regulators said in a statement.

Hackers routinely try to hack their way into big bank systems, though major U.S. institutions haven't suffered any substantial harm so far. One of the highest-profile hacks occurred this year when attackers siphoned $81 million out of the Bank of Bangladesh's account at the New York Fed.

"We should be really worried about what those worst-case scenarios are and then work with that kind of urgency before we have one of those worst-case scenarios," Ben Lawsky, who regulated banks in New York when he was the state's superintendent of financial services, told CNBC in June.

—CNBC's Eamon Javers contributed reporting.