SEC rules companies now have to report breaches within 4 days

New rules set out by the US Securities and Exchange Commission (SEC), require publicly traded companies in the US to report a “material” cyber-incident within four days of its discovery.

In its announcement, the SEC describes material incidents as those that the shareholders of the company would deem important “in making an investment decision”. The business watchdog also changed the rules on how foreign private issuers must disclose cybersecurity breaches. 


Leave a Comment