Banking groups ask SEC to drop cybersecurity incident disclosure rule
American banking and financial services advocacy groups have asked the Securities and Exchange Commission to repeal its public disclosure requirements for cybersecurity incidents.
Five American banking groups, led by the American Bankers Association, asked the regulator to rescind its rule in a May 22 letter, arguing that the disclosure of cybersecurity incidents “is in conflict directly with confidential report requirements intended to protect critical infrastructure and to warn potential victims”.
The group, which also included the Securities Industry and Financial Markets Association, the Bank Policy Institute, Independent Community Bankers of America and the Institute of International Bankers, said the rule compromises regulatory efforts to improve national cybersecurity.
The SEC cybersecurity risk management rule, published in July 2023, requires companies to promptly disclose cybersecurity incidents such as data breaches or hacks. However, the banking groups argue that the rule was flawed from the start and has proved problematic in practice since it took effect.
The banking organizations said that the “late and narrow disclosure of disclosure mechanism” interferes with incident response and law enforcement and creates “market confusion” between mandatory and voluntary disclosures.
Public disclosure has also been “armed as an extortion method by ransomware criminals to malicious objectives” and premature disclosure aggravates insurance and liability problems for businesses and “risk frank internal communications and the sharing of frank routine information”, the groups said.
The groups specifically want “Item 1.05” removed from the SEC's Form 8-K reporting requirements, along with the parallel reporting requirement applicable to Form 6-K.
Form 8-K is used to publicly inform investors in American public companies of events, including cybersecurity incidents, that may be important to shareholders or the SEC.
“In a critical way, without Item 1.05, the interests of investors will always be protected, and we believe that they would be better served in the context of preexisting disclosure for the declaration of material information, which may include significant cybersecurity incidents,” the groups said.
The complete petition included examples of the participants’ confusion, specific incidents of ransomware attacks and documented regulatory conflicts.
Public crypto companies affected
The requirement also affects publicly listed crypto companies such as Coinbase, which revealed earlier this month that hackers had enlisted its support staff to leak its user data.
After the disclosure, the company was hit with at least seven lawsuits.
Coinbase said it had rejected a ransom demand of $20 million after the staff had disclosed user data in a major phishing attack, which, according to the exchange, could cost it up to $400 million in damages.
If the SEC rescinds the requirement, it could give companies such as Coinbase more time to disclose cybersecurity incidents to the public.