The SEC’s proposal to require publicly traded companies to disclose the cybersecurity incidents they experience has drawn conflicting responses from industry groups.
The National Association of Corporate Directors, monitoring firm Security Scorecard, and the threat-intelligence sharing organization Cyber Threat Alliance have released a joint report that these rules “would strengthen the ability of public companies, funds and advisors to combat cybersecurity threats and implement risk mitigation processes.”
However, the U.S. Chamber of Commerce, the Securities Industry and Financial Markets Association, and the Information Technology Industry Council argue that the rules could duplicate the requirement to report incidents to CISA included in the recently passed Cyber Incident Reporting for Critical Infrastructure Act, which should take priority as the intent of Congress.
Source:
