MAY 11, 2022 | NORTH AMERICA | US
Businesses Seek to Soften SEC Cyber Rules
Wall Street Journal, May 11, 2022
By David Uberti and James Rundle
Companies including Chevron Corp. , Quest Diagnostics Inc. and Ernst & Young LLP are pushing to narrow proposed cybersecurity rules from the Securities and Exchange Commission in the private sector’s latest attempt to shape a growing array of regulations by Washington.
In comments on rules proposed by the SEC, businesses in recent days have urged the agency to harmonize its deadline of four business days to disclose security incidents with similar rules from other agencies. They also warned public disclosures could result in new compliance costs, additional confusion while responding to breaches and hits to their stock prices.
Others warned that public reports could provide hackers information while attacks are in progress. “If a registrant discloses that it is currently the victim of a material cyber incident, that would tip off the malicious actor that the registrant is aware they’re in the victim company’s systems,” said Henry Young, policy director at industry lobbying group BSA, The Software Alliance, which represents commercial software makers. That may prompt hackers to steal data faster, or speed up timelines on attacks such as ransomware strikes once tipped off, he said.
Original Posting: https://www.wsj.com/articles/businesses-seek-to-soften-sec-cyber-rules-11652261401
ABOUT BSA
The Business Software Alliance (www.bsa.org) is the global trade association of the enterprise software industry, representing companies that are leaders in artificial intelligence, cybersecurity, cloud computing, and other cutting-edge technologies. We work in over 20 markets in the US, Europe, and Asia, advocating for policies that build trust in technology so that every industry sector and the public can benefit from innovation.