On May 22, 2025, five U.S. banking groups led by the American Bankers Association sent a letter to the U.S. Securities and Exchange Commission (SEC), asking it to repeal the cybersecurity incident public disclosure requirements. The banking groups included the Securities Industry and Financial Markets Association, the Bank Policy Institute, the Independent Community Bankers of America, and the Institute of International Bankers. Here are their main arguments:
Conflict with Confidential Reporting Requirements: Disclosing cybersecurity incidents directly conflicts with the confidential reporting requirements designed to protect critical infrastructure and warn potential victims. The rule undermines regulatory efforts to enhance national cybersecurity.
Interference with Incident Response and Law Enforcement: The “complex and narrow disclosure delay mechanism” in the rule disrupts incident response and law enforcement and creates “market confusion” between mandatory and voluntary disclosures.
Vulnerability to Criminal Exploitation: Public disclosure has been “weaponized” by ransomware criminals as an extortion method, and premature disclosures aggravate insurance and liability issues for companies. It also risks “chilling” candid internal communications and routine information sharing.
Unnecessary for Investor Protection: The groups believe that without Item 1.05 in the SEC’s Form 8 – K reporting rules (which requires public companies to report cybersecurity incidents to the public within four days), investor interests will still be protected. They think that investors would be better served through the existing disclosure framework for reporting material information, which may include material cybersecurity incidents.
The SEC’s cybersecurity risk management rule, published in July 2023, requires companies to disclose cybersecurity incidents such as data breaches or hacks in a timely manner. However, the banking groups argue that this rule was flawed from the beginning and has proven to be problematic in practice.
Related topic:
- Nasdaq-listed company BTCS added 8.4 million Ether to the company’s liquidity pool
- Hyperliquid platform now has a $1.1 billion long bet on Bitcoin with a 40x leverage, setting a new record for the year
- Binance Seeks Dismissal of FTX’s $1.76B Lawsuit, Citing Lack of Jurisdiction and ‘Speculative’ Claims
