Skip to main content
close search
site logo
Dive Brief

SEC scraps proposed cybersecurity rules for investment advisers, market participants

The commission offered no rationale for removing rules that would have imposed security requirements on financial services providers.

Published June 16, 2025 Updated 7 hours ago
Eric Geller's headshot
Senior Reporter
SEC seal outside Washington D.C. building
The U.S. Securities and Exchange Commission seal hangs on the facade of its building in Washington, D.C. The commission on Thursday withdrew two proposed cybersecurity regulations. Chip Somodevilla via Getty Images
This audio is auto-generated. Please let us know if you have feedback.

Dive Brief:

  • The Securities and Exchange Commission has withdrawn proposed cybersecurity regulations for investment advisers and companies participating in securities markets.
  • The decisions, announced on Thursday with no explanation, mark potentially significant reversals of the commission’s plans to subject major financial entities to cyber requirements for the first time.
  • The rollbacks also raise questions about the now Republican-led SEC’s commitment to a cyber incident disclosure rule for public companies that the agency adopted in 2023 under Democratic leadership.

Dive Insight:

The SEC had proposed the now-scrapped rules over concerns that financial advisers and securities-market participants — like investment funds and clearing agencies — weren’t taking cybersecurity seriously enough, leaving their computer systems vulnerable to intrusions that could cost vast sums of money or profoundly undermine confidence in the U.S. financial system.

In proposing the rule for securities-market participants, the SEC noted that the financial-services sector faced digital threats from hackers who “use constantly evolving and sophisticated tactics, techniques, and procedures” and pose “a serious risk” to the financial system.

Similarly, in proposing the rule covering investment advisers, the commission said it was “concerned about the efficacy of adviser and fund practices industry-wide to address cybersecurity risks and incidents,” warning that current practices, including those surrounding incident disclosure, “may not adequately address investor protection concerns.”

It remains unclear why the SEC, now led by an appointee of President Donald Trump, has withdrawn the proposed cybersecurity regulations. A spokesperson declined to address the decision but said the commission was “getting back to our roots of promoting, rather than stifling, innovation.”

But the SEC’s new leadership has taken aim at several regulations that the commission proposed and adopted during the Biden administration, including a landmark climate disclosure rule. As with climate change, the Trump administration has opposed Biden-era efforts to address cybersecurity through regulation.

The SEC’s actions could embolden the financial services industry to press its case for the rescission of the cyber incident disclosure rule, which the industry has already identified as a major priority.

Editor’s note: This article has been updated with a comment from the SEC.

 

Editors' picks

Company Announcements

View all | Post a press release
22 Percent Failure Rate Across Top Endpoint Security Controls Undermines Enterprise Resilience…
From Absolute Security
June 06, 2025
Mckinsey Nextrend: 5 Tools That Help You Sleep Better at Night (If You’re a CISO)
From Mckinsey Nextrend
June 04, 2025
iOT365 and Check Point Software Partner to Offer Full-Spectrum OT/IoT Cybersecurity
From iOT365
June 10, 2025
iOT365 logo
Embrace Enhances User-Focused Observability Platform with New Web RUM Product
From Embrace
June 11, 2025
Embrace logo
Editors' picks
Latest in Strategy
Industry Dive is an Informa TechTarget business.
© 2025 TechTarget, Inc. or its subsidiaries. All rights reserved. | View our other publications | Privacy policy | Terms of use | Take down policy.
Cookie Preferences / Do Not Sell
This website is owned and operated by Informa TechTarget, part of a global network that informs, influences and connects the world's technology buyers and sellers. All copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. TechTarget, Inc.'s registered office is 275 Grove St. Newton, MA 02466.