Banks Fight To Scrap an SEC Cyberattack Rule

by: Carter Pape

Major banking trade groups are lobbying the U.S. Securities and Exchange Commission to eliminate a 2023 rule that requires public companies to disclose major cybersecurity incidents within four business days, arguing it can help attackers and harm security. At the same time, the same groups are pushing Congress to preserve a separate law that allows companies to share cyber threat information privately with government agencies, which they say strengthens collective defenses. The industry groups argue that confidential reporting is sufficient for regulators and safer than public disclosure, especially as AI could amplify risks by helping attackers analyze filings.

Read the full article on American Banker

CONTACT BISA 2001 K Street, NW, 3rd Floor North Washington, DC 20006
p:	202-367-1111
f:	202-367-2111
e:	bisa@BISAnet.org

Banks Fight To Scrap an SEC Cyberattack Rule

After the Hype, Teachable Moments

North American Life Insurers Hold Firm Despite Market Turbulence

Banks Fight To Scrap an SEC Cyberattack Rule