New SEC Rules around Cybersecurity Incident Disclosures
The US Securities and Exchange Commission adopted final rules around the disclosure of cybersecurity incidents. There are two basic rules: Public companies must “disclose any cybersecurity incident they determine to be material” within four days, with potential delays if there is a national security risk. Public companies must “describe …