Banks would have to be able to recover from a cyberattack within two hours, according to proposed new regulations.