In the USA, banking groups demand the abolition of the SEC's cyber security disclosure requirement
America's leading banking associations have formally asked the SEC to abolish the provision requiring public companies to disclose cyber security incidents within four days. The reasons they give include the risk to critical infrastructure security, ransomware attackers using this information as a weapon, and confusion in the markets.
Call from the finance world to the SEC: “This practice is endangering public security”
In a letter sent to the Securities and Exchange Commission (SEC) on May 22, five major banking organizations in the United States demanded that the requirement for companies to disclose their cyber security incidents to the public be withdrawn.
The groups behind the request are the following institutions:
American Bankers Association (ABA)
Securities Industry and Financial Markets Association (SIFMA)
Bank Policy Institute
Independent Community Bankers of America
Institute of International Bankers
The criticized provision: “Item 1.05” is the target
The groups specifically want “Item 1.05” of Form 8-K to be rescinded. This item requires public companies to disclose to the public events that will affect investors (e.g. cyber attacks, data leaks).
Bank representatives state that this obligation:
Conflicts with the confidential reporting systems meant to protect critical infrastructure,
Makes incident response and the work of law enforcement officers more difficult,
Lets ransomware groups use the disclosures to threaten companies,
Suppresses internal communication and information sharing.
“The investor is protected, this rule is unnecessary”
According to the banking institutions, investor interests are sufficiently protected within the current disclosure frameworks without “Item 1.05”. They therefore recommend that the existing system continue to be used.
“If cyber security events are important, they can be disclosed within the scope of the current system. The compulsory four-day notification requirement creates unnecessary burden and risk.”
Crypto companies are also affected: the Coinbase example
This request directly affects public cryptocurrency companies such as Coinbase. Coinbase was recently hit by a phishing attack in which employees leaked user data in exchange for bribes.
The company rejected the ransom demand of $20 million,
Following the public announcement of the incident, it faced at least seven separate lawsuits,
Coinbase announced that the incident could cause up to $400 million in damage.
If the SEC rescinds this rule, companies may have a more flexible timeline for disclosing similar cyber security events to the public.
Conclusion: Transparency or security?
The debate points to one of the most critical issues of the digital age: the balance between transparency and security. While the banking sector gives priority to security, regulatory institutions continue to protect investors. The SEC’s response to this request directly concerns not only the financial world, but also cryptocurrency companies.