“While we appreciate the intent behind the SEC’s proposed rulemaking is to improve public companies’ cybersecurity postures and disclose material cybersecurity incident information to investors, we are concerned that the rulemaking is potentially duplicative of the incident reporting requirements in recently passed legislation,” John Miller, senior vice president and general counsel for the Information Technology Industry Council, told Nextgov.
I believe this echoes similar sentiments expressed in the energy industry.