Wall Street Journal, May 11, 2022. Others warned that public reports could provide hackers information while attacks are in progress. “If a registrant discloses that it is currently the victim of a material cyber incident, that would tip off the malicious actor that the registrant is aware they’re in the victim company’s systems,” said Henry Young, policy director at industry lobbying group BSA, The Software Alliance, which represents commercial software makers. That may prompt hackers to steal data faster, or speed up timelines on attacks such as ransomware strikes once tipped off, he said. Read more

Politico Pro Morning Cyber, May 10, 2022. BSA | The Software Alliance, which represents software providers, took a different tone than the Chamber and ITI, and instead requested that the SEC alter its rules to strike a balance between what businesses are capable of doing and what investors would like to see. BSA also recommended that the SEC provide an exemption for companies to delay disclosing an incident in a publicly available 8-K form whenever “premature disclosure can be reasonably anticipated to cause substantial negative consequences” to law enforcement investigations. Read more

The Washington Post, May 10, 2022.The Washington Post reports that the Securities and Exchange Commission’s proposed rules, which are aimed at raising companies’ cybersecurity precautions and transparency, could force companies to prematurely report hacks publicly. BSA | The Software Alliance warned that “unintended impact on registrants, investors, law enforcement, and the health and safety of U.S. persons would outweigh any benefits.” Read more

InsideCybersecurity, April 27, 2022. BSA | The Software Alliance addresses the challenge of updating the cybersecurity framework with new material while keeping it concise and user friendly, in comments to NIST on the agency’s efforts to craft “CSF 2.0.” “As NIST considers whether and how to update the Framework, BSA urges NIST to do everything in its power to do ensure that the Cybersecurity Framework remains the most helpful 21 pages in cybersecurity. Too often documents increase in volume but decline in value. One important source of value the Cybersecurity Framework provides is only including the cybersecurity information that NIST and its stakeholders identify as the most important,” BSA told NIST on Monday in its submission on the cybersecurity framework update. Read more