Close Menu
    DevStackTipsDevStackTips
    • Home
    • News & Updates
      1. Tech & Work
      2. View All

      CodeSOD: A Unique Way to Primary Key

      July 22, 2025

      BrowserStack launches Figma plugin for detecting accessibility issues in design phase

      July 22, 2025

      Parasoft brings agentic AI to service virtualization in latest release

      July 22, 2025

      Node.js vs. Python for Backend: 7 Reasons C-Level Leaders Choose Node.js Talent

      July 21, 2025

      The best CRM software with email marketing in 2025: Expert tested and reviewed

      July 22, 2025

      This multi-port car charger can power 4 gadgets at once – and it’s surprisingly cheap

      July 22, 2025

      I’m a wearables editor and here are the 7 Pixel Watch 4 rumors I’m most curious about

      July 22, 2025

      8 ways I quickly leveled up my Linux skills – and you can too

      July 22, 2025
    • Development
      1. Algorithms & Data Structures
      2. Artificial Intelligence
      3. Back-End Development
      4. Databases
      5. Front-End Development
      6. Libraries & Frameworks
      7. Machine Learning
      8. Security
      9. Software Engineering
      10. Tools & IDEs
      11. Web Design
      12. Web Development
      13. Web Security
      14. Programming Languages
        • PHP
        • JavaScript
      Featured

      The Intersection of Agile and Accessibility – A Series on Designing for Everyone

      July 22, 2025
      Recent

      The Intersection of Agile and Accessibility – A Series on Designing for Everyone

      July 22, 2025

      Zero Trust & Cybersecurity Mesh: Your Org’s Survival Guide

      July 22, 2025

      Execute Ping Commands and Get Back Structured Data in PHP

      July 22, 2025
    • Operating Systems
      1. Windows
      2. Linux
      3. macOS
      Featured

      A Tomb Raider composer has been jailed — His legacy overshadowed by $75k+ in loan fraud

      July 22, 2025
      Recent

      A Tomb Raider composer has been jailed — His legacy overshadowed by $75k+ in loan fraud

      July 22, 2025

      “I don’t think I changed his mind” — NVIDIA CEO comments on H20 AI GPU sales resuming in China following a meeting with President Trump

      July 22, 2025

      Galaxy Z Fold 7 review: Six years later — Samsung finally cracks the foldable code

      July 22, 2025
    • Learning Resources
      • Books
      • Cheatsheets
      • Tutorials & Guides
    Home»Development»U.S. Banking Associations Petition SEC to Rescind Cyber Breach Reporting Mandate

    U.S. Banking Associations Petition SEC to Rescind Cyber Breach Reporting Mandate

    May 26, 2025

    SEC

    Five major banking associations have formally petitioned the U.S. Securities and Exchange Commission (SEC) to repeal a rule that mandates public companies to disclose material cybersecurity incidents within four business days.

    The organizations argue that the rule, particularly the reporting requirement under Form 6-K for foreign issuers and Form 8-K Item 1.05 for domestic issuers, poses unnecessary risks and fails to serve its intended purpose of investor protection. 

    The petition, submitted under Rule 192 of the SEC’s Rules of Practice, was jointly signed by the American Bankers Association (ABA), Bank Policy Institute (BPI), Securities Industry and Financial Markets Association (SIFMA), Independent Community Bankers of America (ICBA), and the Institute of International Bankers (IIB).

    Together, these organizations represent the vast majority of the U.S. and global financial services sector, including firms that collectively manage trillions in assets and employ millions across the country. 

    The Case Against the SEC Rule 

    The SEC’s Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure rule, which went into effect in 2023, includes controversial disclosure mandates. These requirements oblige companies to publicly announce material cybersecurity breaches within a tight, four-day timeframe—even if the incident is still under investigation or not fully remediated. 

    “Premature disclosure has harmed registrants and, at the same time, failed to provide the market with meaningful or actionable information upon which to make investment decisions,” the petition asserts. The banking groups further argue that the rule increases confusion in the market. Companies often struggle to decide whether to report under Item 1.05, Item 8.01, or whether to report at all. This confusion has persisted despite multiple SEC-issued Compliance & Disclosure Interpretations, commissioner statements, and comment letters. 

    The banking groups also highlight that the Form 6-K disclosure requirement for foreign private issuers mirrors the same problems as Form 8-K Item 1.05, adding unnecessary complexity for globally operating institutions. 

    Real-World Consequences 

    The petitioners point to tangible impacts already observed since the rule took effect. For example, they cite that registrants have been forced into disclosure before fully understanding the scope or implications of a breach. This, they argue, not only undermines their cybersecurity response efforts but also misleads investors with incomplete information.

    One consequence noted is the weaponization of the disclosure rule by threat actors. In 2023, the hacking group AlphV filed an SEC complaint against MeridianLink, alleging it failed to report a data breach as required. Incidents like this suggest that criminals are exploiting the regulatory framework to exert additional pressure during ransomware attacks.

    The financial groups warn that such misuse of the rule could expose companies to greater cybersecurity risks, increased insurance liabilities, and greater financial harm due to premature or unclear disclosures. 

    Conflict with National Security and Law Enforcement 

    Another key argument is that the rule directly conflicts with other regulatory efforts aimed at national cybersecurity. Mandatory public disclosures may interfere with confidential incident reporting required under other federal programs and hinder law enforcement investigations. 

    “The complex and narrow disclosure delay mechanism interferes with incident response and law enforcement investigations,” the petition explains. Furthermore, the public nature of the disclosures may discourage candid internal communications and limit collaboration within companies during incident response efforts. 

    A Call for a Better Alternative 

    The petitioners argue that the existing disclosure framework, which already requires the reporting of all material information, including cybersecurity incidents, offers adequate investor protection without the added risks imposed by the current rule. 

    They emphasize that the SEC’s own staff has had to create a “patchwork” of guidance and comment letters in an attempt to clarify the rule, reflecting the fundamental problems in its design. The banking groups have urged the SEC to fully rescind Form 8-K Item 1.05 and the corresponding Form 6-K requirement. 

    Conclusion  

    The petition to rescind the SEC’s cybersecurity incident disclosure rule represents a unified and forceful stance from some of the most influential voices in the financial services industry. Led by the American Bankers Association, which represents a $24.1 trillion industry, along with the Bank Policy Institute, a leader in cybersecurity and risk management advocacy, the coalition also includes SIFMA, representing one million capital markets employees, the Independent Community Bankers of America, which champions the role of community banks, and the Institute of International Bankers, representing U.S. operations of banks from over 35 countries.

    Together, these organizations are urging the SEC to reconsider the rapid disclosure mandates under Form 6-K and Form 8-K Item 1.05, citing operational risks, national security concerns, and inadequate investor benefit.  

    Source: Read More

    Facebook Twitter Reddit Email Copy Link
    Previous Article⚡ Weekly Recap: APT Campaigns, Browser Hijacks, AI Malware, Cloud Breaches and Critical CVEs
    Next Article How to upskill software engineering teams in the age of AI

    Related Posts

    Development

    GPT-5 is Coming: Revolutionizing Software Testing

    July 22, 2025
    Development

    Win the Accessibility Game: Combining AI with Human Judgment

    July 22, 2025
    Leave A Reply Cancel Reply

    For security, use of Google's reCAPTCHA service is required which is subject to the Google Privacy Policy and Terms of Use.

    Continue Reading

    Spring Security Vulnerability Let Attackers Determine Which Usernames are Valid

    Security

    CVE-2025-5435 – Marwal Infotech CMS SQL Injection Vulnerability

    Common Vulnerabilities and Exposures (CVEs)

    The Future is Now: How to Create a YouTube Channel Using Only AI (Researched by Srinidhi Ranganathan)

    Artificial Intelligence

    Jakarta EE 11 Platform launches with modernized Test Compatibility Kit framework

    Tech & Work

    Highlights

    CVE-2025-52825 – Rameez Iqbal Real Estate Manager CSRF Privilege Escalation

    June 20, 2025

    CVE ID : CVE-2025-52825

    Published : June 20, 2025, 3:15 p.m. | 2 hours, 59 minutes ago

    Description : Cross-Site Request Forgery (CSRF) vulnerability in Rameez Iqbal Real Estate Manager allows Privilege Escalation. This issue affects Real Estate Manager: from n/a through 7.3.

    Severity: 8.8 | HIGH

    Visit the link for more details, such as CVSS details, affected products, timeline, and more…

    CVE-2025-20665 – Samsung Android SELinux Policy Missing Disclosure Vulnerability

    May 4, 2025

    Poll: Has YouTube taken its war on ad blockers too far?

    June 17, 2025

    CVE-2024-12273 – CalculatedRoute Form WordPress Stored Cross-Site Scripting

    April 29, 2025
    © DevStackTips 2025. All rights reserved.
    • Contact
    • Privacy Policy

    Type above and press Enter to search. Press Esc to cancel.