Banks Want SEC to Rescind Cyberattack Disclosure Requirements

American banking groups want the Securities and Exchange Commission (SEC) to revoke its cybersecurity incident disclosure requirements. 

    These groups, led by the American Bankers Association (ABA), wrote to the SEC last week, contending that disclosing cybersecurity incidents “directly conflicts with confidential reporting requirements intended to protect critical infrastructure and warn potential victims.”

    Joining the ABA were the Securities Industry and Financial Markets Association, the Bank Policy Institute, Independent Community Bankers of America, and the Institute of International Bankers, who argue the rule hinders regulatory efforts to bolster national cybersecurity.

    The letter was flagged in a report Monday (May 26) by Cointelegraph, which noted that the rule in question — the SEC’s Cybersecurity Risk Management rule, published in July 2023 — requires companies to quickly disclose incidents such as data breaches or hacks.

    But the banking groups say this rule was flawed from the beginning and has been problematic in practice since going into effect.

    The letter said that the “complex and narrow disclosure delay mechanism” interferes with incident response and law enforcement, while also breeding “market confusion” between mandatory and voluntary disclosures.

    Meanwhile, PYMNTS wrote last week about the cyber risks facing cryptocurrency exchanges at a time when these companies “are rapidly evolving into digital-age banks.”

    “Like banks in the 20th century, crypto firms are beginning to sit at the intersection of money, identity and financial services,” that report said.

    “This brings with it a heightened degree of risk and a growing need for guardrails. Many of the largest crypto firms in the world are exchanges that centralize massive troves of data and assets, inadvertently making them single points of failure if credentials get compromised.”

    And with the industry recently learning that Coinbase, the largest U.S. exchange, had been hacked, the implications of housing a centralized store of correlated user information are top of mind for the rest of the financial ecosystem, especially as crypto goes mainstream.

    “In the last two days alone, we’ve been approached by dozens of Coinbase customers who were likely on that list and have since been targeted by attackers impersonating Coinbase Support,” Bezalel Eithan Raviv, CEO of Lionsgate Network, told PYMNTS in an interview. “They used fear tactics — ‘Your account has been breached’ — along with instructions to ‘safeguard’ their assets by transferring them directly to the attackers’ wallets.”