Life insurers take issue with 48-hour reporting requirement in SEC cyber proposal for investment advisors and firms

The American Council of Life Insurers argues that the SEC is inappropriately singling out investment advisors and funds with a proposed 48-hour cyber incident reporting requirement while simultaneously proposing a 72-hour standard for publicly traded companies, in comments on a draft cyber regulation.

“A 48-hour deadline would single out Advisors as having the most aggressive reporting deadline we have yet encountered, and our members do not believe that those entities are uniquely exposed to any specific increased cybersecurity risks that...