President Joe Biden has announced his intention to veto a Senate effort aimed at repealing the Securities and Exchange Commission (SEC) rule, which mandates companies to disclose cybersecurity incidents to investors. This rule, which officially took effect on December 18, 2023, is at the center of a contentious debate, with Republican senators arguing it oversteps the SEC’s authority and advocates defending it as crucial for investor transparency and national security.
Critics of the rule argue that cybersecurity incident notifications are better handled by the Cybersecurity and Infrastructure Security Agency, indicating a broader discussion on the balance between transparency, security, and regulatory authority.
Why it matters: The confrontation over the Securities and Exchange Commission’s cyber incident reporting rule underscores a pivotal moment in the regulation of cybersecurity within the financial sector. This debate encapsulates the broader challenge of balancing regulatory oversight with the need for corporate flexibility in managing cyber risks.
- The SEC provided clarifications before the rule’s implementation, noting that while companies are required to share information about material cyber incidents, they are not obligated to disclose technical details that could aid attackers. Furthermore, companies have the option to delay disclosure if doing so poses a substantial risk to national security or public safety, introducing a measure of flexibility in how the rule is applied.
- The article mentions the Congressional Review Act (CRA) as the tool for challenging the SEC rule. The CRA lets Congress nullify federal rules with a majority vote, subject to presidential veto, which then needs a two-thirds majority in both chambers to override, showing the intricate government dynamics in regulation.
- The outcome of this legislative battle will have lasting implications for how cyber incidents are disclosed to investors, potentially setting new standards for transparency and cybersecurity investment.
Go Deeper -> Biden to Veto Attempt to Overturn SEC Cyber Incident Disclosure Rules – SecurityWeek
Biden threatens veto against Senate attempt to repeal SEC cyber incident reporting rule – The Record