A coalition of financial industry groups, led by the Securities Industry and Financial Markets Association (SIFMA), is urging the Securities and Exchange Commission (SEC) to reconsider its cybersecurity disclosure rule, citing significant risks to companies and investors.
In a joint letter submitted on May 22, major trade associations — including the American Bankers Association, Bank Policy Institute, Independent Community Bankers of America, and the Institute of International Bankers — asked the SEC to roll back the requirement under Form 8-K Item 1.05. This rule mandates that public companies disclose material cybersecurity incidents within four business days of determining their impact.
The petition highlights that the rule has led to hasty and speculative disclosures, which not only confuse investors but also create legal liabilities and cyber vulnerabilities. According to the groups, the current structure compromises confidential threat-reporting processes maintained by other federal agencies and may be exploited by cybercriminals.
A prominent example cited in the letter involves ransomware group AlphV, which reported its victim, MeridianLink, to the SEC in 2023 for allegedly not disclosing a breach — demonstrating how malicious actors might weaponize the rule.
The trade associations also criticized the rule’s narrow exemption clause, which requires attorney general intervention to delay disclosures on national security grounds. They argue this is impractical during fast-moving cyber incidents and hinders timely, coordinated responses.
Furthermore, the petition points out that the threat of SEC enforcement has had a chilling effect on internal and external communication about cybersecurity threats, with companies reluctant to share intelligence for fear of legal scrutiny.
Despite the rule’s intent to protect investors, the groups argue that existing SEC guidance already ensures material cyber events are reported. They also note that many firms voluntarily use Form 8-K Item 8.01 for disclosures, offering a more flexible alternative.
SEC Commissioner Hester Peirce, known for her critical stance on regulatory overreach, has previously questioned the scope of the disclosure rule, stating it exceeds the SEC’s authority and could ultimately harm investors.
The petition concludes by calling for a return to a principles-based disclosure framework, arguing this would lead to clearer, more useful information for the market.
Want to stay ahead of the curve in personal finance? Dive into more expert-driven insights at Finance Tech News.
News Source: Finance.Yahoo.com
