Skip to content
Members Only Article

In Deregulatory Climate, Critics of Cybersecurity Rules Get Heard

September 12, 2025 | 4 minutes reading time | By David Weldon

Industry groups push for streamlined and less costly incident reporting requirements.

At a time of regulatory rollbacks and recalibrations, companies and industries are pushing back on cybersecurity rules, calling for changes to reduce costs and eliminate duplicative reporting requirements.

Such complaints were aired before and since rulemakings by the U.S. Cybersecurity and Infrastructure Security Agency, the Securities and Exchange Commission, and others including financial industry overseers that specified tight deadlines for reporting of cyber breaches. Under new Republican leadership, the SEC in June withdrew several proposals from the prior administration. One was for broker-dealers, clearing agencies and other covered entities to make “immediate notification to the commission of the occurrence of a significant cybersecurity incident.”

Representing a united front among advocacy groups, a May 22 comment letter from the American Bankers Association, Bank Policy Institute and others told the SEC that after 18 months in effect, cyber incident disclosures for Form 8-K Item 1.05 had proven to be premature, confusing, unhelpful to investors, and weaponized by hackers using “the rule's prescriptive requirements as...

to access this content.

Become a GARP Member to Unlock Exclusive Risk Insights and More!

  • Access timely articles, thought leadership, and an archive of on-demand webcasts, event recordings, and Chapter meeting presentations in our Member Multimedia Library.
  • Get regulatory capital data for global and regional banks in North America, Europe, Asia, and Africa through our Pillar 3+ data analytics platform from the GARP Benchmarking Initiative (GBI®).
  • Gain priority registration to attend any worldwide Chapter meeting for free, as well as preferential rates for GARP events and access to local members-only dinners and professional networking opportunities.
  • Receive comprehensive access via our digital GARP Learning platform to the latest curriculum readings, videos, end of chapter practice questions, and more for the program(s) of which you passed the exam(s).

Topics: Cybersecurity

Trending

Article Members Only

Third-Party Risk Alarm: A JPMorgan Executive Calls Out Software-as-a-Service

August 8

IT security issues and concentration risk can have systemic consequenc...

Cybersecurity
Read Article