Tech industry raises third-party concerns over draft cyber rules for financial sector

The technology industry is arguing that proposed cybersecurity regulations for financial institutions are overly broad and would undermine the crucial data-protection services provided by third-parties. Rather, regulators should pare back the proposed requirements, emphasize a risk-based approach to cybersecurity, and allow for tailored and targeted approaches to addressing supply-chain risks.

The arguments are laid out in written comments submitted last week by the Information Technology Industry Council and Microsoft in response to an advance notice of proposed rulemaking by the...