US EditionBanking Groups Ask SEC to Drop Cybersecurity Incident Disclosure Rule
- On May 22, 2025, five prominent U.S. Banking associations, with the American Bankers Association at the forefront, jointly petitioned the SEC to eliminate its cybersecurity incident disclosure mandate.
- The petition arises from concerns that the SEC's July 2023 rule mandating rapid public disclosure conflicts with confidential reporting and hinders incident response and law enforcement.
- The coalition argues the rule exposes firms to extortion by ransomware actors, causes market confusion, and risks chilling internal communications essential for cybersecurity defense.
- The letter states the rule’s "complex and narrow disclosure delay mechanism" worsens issues; premature disclosures harm companies by increasing liability and insurance risks.
- If rescinded, the groups claim investor protection would persist under the existing framework, while giving firms more time to manage incidents without exposing vulnerabilities prematurely.
This story is only covered by news sources that have yet to be evaluated by the independent media monitoring agencies we use to assess the quality and reliability of news outlets on our platform. Learn more here.14 Articles
14 Articles
BizToc
PYMNTS.comBanks Want SEC to Rescind Cyberattack Disclosure Requirements
American banking groups want the Securities and Exchange Commission (SEC) to revoke its cybersecurity incident disclosure requirements. These groups, led by the American Bankers Association (ABA), wrote to the SEC last week, contending that disclosing cybersecurity incidents “directly conflicts…
Banking Groups Push Back on SEC’s Cyberattack Disclosure Rule
Top U.S. banking associations are pressing the Securities and Exchange Commission to roll back a rule that forces public companies to disclose major cybersecurity breaches within four business days. In a letter sent May 22, five major financial groups—including the American Bankers Association and the Securities Industry and Financial Markets Association—argued the rule clashes with […]
Industry Leaders Challenge SEC Cyber Risk Management Disclosure Rule
Key Takeaways: Leading U.S. financial associations jointly petition the SEC to amend cybersecurity incident disclosure rules. Premature disclosure mandates under Item 1.05 are cited as harmful and counterproductive. Petitioners argue existing frameworks already protect investors without increasing systemic risk. A powerful coalition of financial industry organizations, including the American Bankers Association, the Bank Policy Institute, and o…
Banking Groups Urge SEC To End Cyber Disclosure Mandate - Cybernoz - Cybersecurity News
Five major banking associations have formally petitioned the U.S. Securities and Exchange Commission (SEC) to repeal a rule that mandates public companies to disclose material cybersecurity incidents within four business days. The organizations argue that the rule, particularly the reporting requirement under Form 6-K for foreign issuers and Form 8-K Item 1.05 for domestic issuers, poses unnecessary risks and fails to serve its intended purpose …
Coverage Details
Bias Distribution
- There is no tracked Bias information for the sources covering this story.
To view factuality data please Upgrade to Premium
Ownership
To view ownership data please Upgrade to Vantage
