
Mulled cyber rules for investment firms, advisors revoked by SEC


As part of the Trump administration's deregulation efforts, the U.S. Securities and Exchange Commission has withdrawn proposed Biden-era cybersecurity rules that would have required investment firms and advisors to establish policies addressing cyber risk and to disclose significant cyber incidents from the past two fiscal years, according to CyberScoop.

Better Markets Director of Securities Policy Benjamin Schiffrin previously noted the importance of cybersecurity programs among broker-dealers and investment advisors following attacks against Fidelity Investments and Prudential last year. Bank Policy Institute BITS Senior Vice President Heather Hogsett, however, said that the rules would have only allowed nation-state threat actors and other adversaries to enhance their attack techniques, and would potentially have redirected resources for tackling cyber threats toward regulatory compliance. "Requiring cybersecurity experts to spend more time on procedural compliance matters rather than protecting the firm doesn't make the financial system any safer, it only diverts resources from actual threats," said Hogsett. The withdrawal comes after banking groups urged the SEC to rescind rules requiring immediate cyber incident disclosures.
