Banks regulated by the European Central Bank (ECB) will be forced to reveal all major cyber security breaches from this summer.
Sabine Lautenschlaeger, a member of the ECB's executive board, said that the move would help the organisation to "assess more objectively how many incidents there are and how cyber threats evolve".
"It will also help us to identify vulnerabilities and common pitfalls," she said in a speech in Frankfurt.
British banks, such as the Royal Bank of Scotland (RBS), Barclays and HSBC, which have operations in Europe, will also have to report major cyber breaches to the ECB.
The organisation will also perform regular reviews on cyber security and outsourcing arrangements at banks. Outsourcing IT infrastructure, resources and applications as well as other services can lead to vulnerabilities which cyber criminals will try to exploit.
The new regulations come at a time when banks are increasingly being targeted in highly sophisticated campaigns.
The Russian central bank was hit by the WannaCry ransomware campaign, while an attack on the central bank of Bangladesh resulted in the theft of $81m - out of a total of $951m that could've been stolen if it weren't for a crass spelling mistake by the attackers, believed to be North Korean.
The legislation coincides with the incoming General Data Protection Regulations (GDPR) in the EU, which will come into effect in May next year.
A recent report from Consult Hyperion, commissioned by AllClearID, dubbed Banks, Breaches and Billion Euro Fines, suggested that European financial institutions could face fines totalling €4.7bn in the first three years under GDPR.
The potential financial penalties for a data breach are substantial - either two per cent of the previous year's global turnover revenues for a first offence, and up to four per cent for repeat offences. The size of fines will be substantially mitigated if an organisation can demonstrate that it has followed best practice, though.
The report suggested that the highest risk item in the GDPR is the 72-hour breach-notification requirement.
It's as-yet unclear what the repercussions, if any, there will be if banks fail to notify the ECB of a major cyber security breach.
Microsoft claims Check Point's methodology is all wrong - figure more like five million, not 250 million
Microsoft's explanation still raises as many questions as it answers
Wikileaks dumps info on 'Brutal Kangeroo', the CIA's malware toolkit for hacking 'air-gapped' networks
CIA's Brutal Kangeroo malware suite likened to Stuxnet
Commuters less than chuffed - many fined for not having a ticket