MAY 11, 2022 | NORTH AMERICA | US
Businesses Seek to Soften SEC Cyber Rules
Wall Street Journal, May 11, 2022
By David Uberti and James Rundle
Companies including Chevron Corp. , Quest Diagnostics Inc. and Ernst & Young LLP are pushing to narrow proposed cybersecurity rules from the Securities and Exchange Commission in the private sector’s latest attempt to shape a growing array of regulations by Washington.
In comments on rules proposed by the SEC, businesses in recent days have urged the agency to harmonize its deadline of four business days to disclose security incidents with similar rules from other agencies. They also warned public disclosures could result in new compliance costs, additional confusion while responding to breaches and hits to their stock prices.
Others warned that public reports could provide hackers information while attacks are in progress. “If a registrant discloses that it is currently the victim of a material cyber incident, that would tip off the malicious actor that the registrant is aware they’re in the victim company’s systems,” said Henry Young, policy director at industry lobbying group BSA, The Software Alliance, which represents commercial software makers. That may prompt hackers to steal data faster, or speed up timelines on attacks such as ransomware strikes once tipped off, he said.
BSA |“软件联盟”(www.bsa.org) 是全球软件行业的主要倡导者，旨在代表该行业，向政府和国际市场发声。其成员包括全球最具创新力的公司，这些公司制定的软件解决方案，不但能够刺激经济，还能提升现代生活的品质。
BSA 的总部位于华盛顿特区，其营运机构遍布 30 多个国家。BSA 凭借这些机构，率先涉足合规项目，以期促进使用合法软件、倡导制定公共政策，并以此培养技术创新能力，以及推动发展数字经济。