Key Takeaways:
- Leading U.S. financial associations jointly petition the SEC to amend cybersecurity incident disclosure rules.
- Premature disclosure mandates under Item 1.05 are cited as harmful and counterproductive.
- Petitioners argue existing frameworks already protect investors without increasing systemic risk.
A powerful coalition of financial industry organizations, including the American Bankers Association, the Bank Policy Institute, and others, has filed a formal petition urging the U.S. Securities and Exchange Commission (SEC) to revisit and revise its cybersecurity disclosure regulations.
The petition focuses on rescinding Form 8-K Item 1.05 and its equivalent for foreign issuers, claiming these requirements create serious unintended consequences without delivering meaningful benefits to investors.
The proposed rule, introduced as a part of the Exchange Commission’s larger Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure program, mandates the disclosure of material cybersecurity incidents by public firms promptly.
Nevertheless, the finance groups warn that the requirements lead the firms to disclose incomplete,…
