The U.S. Government Accountability Office's offices in Washington. Credit: demerzel21/Adobe Stock
A new report from the U.S. Government Accountability Office (GAO) urged federal agencies to better coordinate cybersecurity regulations, warning that overlapping and inconsistent rules are creating unnecessary burdens for critical infrastructure sectors, including financial services.
The report summarized feedback from a September 2025 industry panel that included Andrew Morris, director of innovation and technology at America's Credit Unions, who offered the credit union industry's perspective on the growing complexity of federal cybersecurity requirements.
Panel participants from several sectors said federal cybersecurity regulations often overlap or conflict, forcing organizations to devote significant time and resources to compliance rather than strengthening actual security defenses. Multiple regulatory frameworks can require similar incident reporting, but with different timelines, definitions and data requirements.
Industry representatives recommended several steps to improve regulatory coordination. Among the most prominent was harmonizing cyber incident reporting requirements across federal agencies, a key point highlighted by Morris during the panel discussion.
Additional recommendations included renewing cybersecurity information-sharing legislation, creating an interagency working group to align cybersecurity rules, reducing duplicative regulations and establishing measurable metrics to evaluate the effectiveness of cybersecurity mandates.
The GAO report also noted that while some progress has been made toward regulatory harmonization, industry participants generally believe federal agencies still have significant work to do to reduce overlapping requirements and clarify cybersecurity standards.
© Touchpoint Markets, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to TMSalesOperations@arc-network.com. For more information visit Asset & Logo Licensing.