WASHINGTON, D.C. – Christopher Roberti, U.S. Chamber senior vice president for Cyber, Space, and National Security Policy, issued the following statement today regarding the Securities and Exchange Commission adopting rules on cybersecurity risk management, strategy, governance, and incident disclosure by public companies.
“The Cyber Incident Reporting for Critical Infrastructure Act of 2022 made it clear that cyber incident reporting to government should occur confidentially and in a protected manner. Yesterday, however, the Securities and Exchange Commission (SEC) finalized a rule that sharply diverges from that mandate and the President’s National Cybersecurity Strategy, jeopardizing a needed confidential reporting strategy and harming cyber incident victims before they can remediate incidents.
“The U.S. Chamber has long advocated for a cohesive, aligned, and protected regulatory framework for cyber risk management and continues to have grave concerns about the potential impact of the rule as finalized by the SEC. The Chamber will continue to carefully evaluate the impact of this rule and our options going forward."