New SEC Rules Require Incident Disclosure for Cybersecurity Breaches Within Four Days

New rules voted in by the Securities and Exchange Commission (SEC) last week require all publicly traded companies to report any cybersecurity breaches that could cause a material impact within four days. However, there are some caveats that can delay the incident disclosure; the timer doesn’t start until the company determines that the breach could be material, and there are also exceptions for breach disclosures that might cause a “substantial risk” to public safety or national security

Tue Aug 1, 2023