HIMSS joined more than 30 other organizations across various industry sectors to urge the Securities and Exchange Commission (SEC) to collect further industry input on its proposed rules on Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure.
The group believes the proposed rules could undermine cybersecurity by forcing companies to disclose incident information before vulnerabilities are fixed. This would give cybercriminals and state-backed hackers a trove of data to further victimize companies, harm law enforcement investigations and disrupt public-private responses to cyberattacks.
Along with its partner organizations, HIMSS submitted a letter noting that although the SEC’s proposed rules focus on increasing investors’ knowledge of companies’ cybersecurity postures, they depart significantly from the Commission’s 2018 interpretive guidance, which effectively balances investor interests with companies’ cybersecurity disclosure obligations.
HIMSS and its partners urge the Commission to consider the following points before finalizing the proposal:
The letter discusses the belief that companies must strike a balance between transparency and protecting sensitive information related to cybersecurity. HIMSS and the other signing organizations are willing to work with the SEC to revise the proposed rules so that investors can be provided with timely information about potential cyberattacks while mitigating the risks associated with disclosing sensitive cybersecurity information.