The U.S. Chamber of Commerce welcomes the opportunity to comment on the Securities and Exchange Commission’s (the SEC’s or the Commission’s) Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure proposal. 1 We appreciate the engagement that the Chamber has had with the SEC on this complex issue. The Chamber agrees with the Commission that responsible cybersecurity policies and practices are in the best interest of investors, boards of directors, and management. However, any cybersecurity disclosure policies must abide by the norms of materiality and the SEC’s legal mandate to promote investor protection, competition, and capital formation. As it stands, the Chamber contends that the proposed rules have several significant flaws:
