SEC Requires Companies to Report Cybersecurity Incidents Within Four Days
While U.S. technology regulators are generally toothless compared with their European counterparts, they still do manage the occasional nip. The U.S. Securities and Exchange Commission has adopted a new rule requiring public companies to report significant cybersecurity incidents within four business days. Can’t hurt.