The Securities and Exchange Commission (SEC) proposed a rule for public companies to report cyber security incidents with an extent of four days after they occur.
If this rule takes effect, the company would have to update investors about the effects that the incident had and continues to have.
“Today, cybersecurity is an emerging risk with which public issuers increasingly must contend. Investors want to know more about how issuers are managing those growing risks,” commented SEC chair Gary Gensler in a press release. SEC is awaiting public hearing on the proposed rule for at least 60 days.
See more in the Compliance Week’s report: https://www.complianceweek.com/regulatory-policy/sec-proposes-companies-report-cybersecurity-incidents-within-four-days/31443.article
Comments