Consumer Reports, along with Consumer Federation of America, the Secure Resilient Future Foundation, and the Electronic Privacy Information Center, filed comments with the Securities and Exchange Commission urging the agency to retain its 2023 rules requiring companies to publicly disclose material cybersecurity incidents. CR’s comments were in response to a petition from the American Bankers Association in May asking the SEC to rescind the Rule.
In its comments, CR discussed the importance of transparency to investors around cybersecurity attacks and criticized industry proposals would allow companies to hide relevant information from the market, potentially for years. We urged the agency to retain its existing framework which provides critical information that empowers investors to make informed decisions, and enables public- and private sector monitors to track the widespread incidence of cyber attacks.