A coalition of banking industry associations, including SIFA, the American Bankers Association (ABA), Bank Policy Institute (BPI), and several other lobbying groups have made a disgraceful appeal to the SEC to eliminate the rule requiring public disclosure of material cybersecurity incidents within four days of detection.
This rule was established to ensure shareholders are properly informed and potential victims receive timely notice so they can take protective action, which wasn’t happening consistently before the rule took effect.
The lobbyists have cobbled together six supposed reasons for its request. Let’s be clear: they’re all bogus. Let’s break them down.
1. It conflicts with confidential reporting requirements designed to protect critical infrastructure and warn potential victims, thus compromising coordinated national cybersecurity efforts.
Absolutely not. A brief, non-sensitive summary submitted via an 8-K form does not endanger critical infrastructure. It allows investors to disinvest if they so choose without being at a disadvantage. Notifying victims does not “compromise” security, it enhances t
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.