Cybersecurity
SEC Sets 4-Day Deadline for Public Companies to Report Hacks
- Delay possible if public safety or national security at risk
- Some business groups argued that deadline was too short
This article is for subscribers only.
Companies hit by cyberattacks face a four-day deadline for publicly disclosing significant impact under controversial new rules approved Wednesday by the US Securities and Exchange Commission.
Those rules, proposed last year and vigorously contested by trade organizations and businesses, would require publicly traded firms to file details of a cyberattack within four days of identifying that it has a material impact.