SEC holds firm on essential elements of new cyber rule, despite charges of regulatory over-reach

The Securities and Exchange Commission’s new cybersecurity rule hews closely to the controversial proposal issued in 2022, prompting criticism from the SEC’s Republican members that the body was exceeding its authority and complicating security efforts, support from within the cybersecurity community and disappointment among key industry groups.

The SEC on Wednesday approved the final rule setting cyber incident reporting and risk management requirements for publicly traded companies, on 3-2 vote. The commission’s two Republicans voted no and the proposal...