Five major U.S. banking associations have jointly petitioned the SEC to revoke a rule requiring companies to disclose cybersecurity incidents within four days. They argue that the rule poses risks to operations, national security, and does not effectively protect investors. #SEC #CybersecurityDisclosure #BankingAssociations
Keypoints
- The petitioners include the American Bankers Association, Bank Policy Institute, SIFMA, ICBA, and IIB, representing major financial sectors worldwide.
- The SEC’s 2023 cybersecurity disclosure rule forces companies to report material breaches quickly, often before fully understanding the incident.
- Organizations claim the rule increases market confusion and can mislead investors with incomplete or premature information.
- There are concerns that the rule could be exploited by threat actors, as evidenced by a 2023 incident involving AlphV and MeridianLink.
- Petitioners argue the rule conflicts with other national security protocols and hampers law enforcement and incident response efforts.
Read More: https://thecyberexpress.com/banks-urge-sec-to-end-cyber-disclosure-mandate/