Skip to content
US Securities and Exchange Commission

House, Senate Republicans Introduce Resolutions to Nix SEC Cyber Breach Disclosure Rules

Bill Flook  Editor, Accounting and Compliance Alert

· 5 minute read

Bill Flook  Editor, Accounting and Compliance Alert

· 5 minute read

Republicans in the House and Senate have introduced Congressional Review Act (CRA) resolutions to scrap the SEC’s cybersecurity incident disclosure rules, casting the reforms as duplicative with other federal requirements.

The commission in July voted 3-2, with two Republican commissioners dissenting, to adopt rules in Release No. 33-11216Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure requiring companies to report cyber breaches within four business days of deeming them material, among other changes. SEC Chair Gary Gensler framed the reforms as enhancing and standardizing disclosures of public company cyber practices and material incidents. (See SEC Adopts Sweeping Cybersecurity Rules, Requiring Timely Reporting of Significant Breaches in the July 27, 2023, edition of Accounting & Compliance Alert.)

The CRA allows lawmakers to scrap a regulation through a simple majority vote in both the House and Senate, subject to a presidential veto. Representative Andrew Garbarino (R-NY) and three GOP cosponsors introduced the House resolution to block the cyber rules on November 9, 2023, the same day Senator Thom Tillis (R-NC) introduced the Senate version alongside one cosponsor.

Garbarino, in a statement, cited the Cybersecurity and Infrastructure Security Agency’s (CISA) role in developing cyber incident reporting regulations under the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA).

“Congress has been clear in its intent to harmonize federal incident reporting requirements, a position that the Biden Administration has emphasized as well,” he said in the statement. “Despite this, the SEC took it upon itself to create duplicative requirements that not only further burden an understaffed cybersecurity workforce with additional and unnecessary reporting requirements, but also increase cybersecurity risk without a congressional mandate and in direct contradiction to public law that is intended to secure the homeland. This CRA resolution will reinforce the congressional intent of CIRCIA and ensure that the SEC rule no longer poses a danger to our homeland.”

Republicans have had some success in the 118th Congress peeling off moderate Senate Democrats to pass CRA resolutions. But President Joe Biden has so far vetoed seven such resolutions, including one targeting a Department of Labor rule on environmental, social and governance (ESG) investing and proxy voting. (See While House Veto Override Fails, new ESG Rules Remain in Delicate Spot in the March 27, 2023, edition of ACA.)


This article originally appeared in the November 15, 2023 edition of Accounting & Compliance Alert, available on Checkpoint.

Get all the latest tax, accounting, audit, and corporate finance news with Checkpoint Edge. Sign up for a free 7-day trial today.

More answers