The U.S. Securities and Exchange Commission (SEC) has implemented a new rule requiring publicly traded companies to report “material” cybersecurity incidents within four business days. This rule aims to provide investors with more consistent and transparent information about potential cybersecurity risks, addressing the previous inconsistencies in major incident disclosures. The implementation of this rule signifies the SEC’s increased emphasis on cybersecurity transparency in the corporate sector, reflecting a growing awareness of the significant impact cybersecurity incidents can have on businesses and their stakeholders.
Relevant URL: https://cyberscoop.com/sec-cybersecurity-incidents-disclosure-rule/