SEC New Cybersecurity Rules. What Does it Mean for US Businesses?


As of this morning, public companies operating in the U.S. now have 4 (four) days to disclose “material” cybersecurity incidents and data breaches.

The U.S. Securities and Exchange Commission cybersecurity rules describe a material incident as a matter “to which there is a substantial likelihood that a reasonable investor would attach importance” in an investment decision.

Critically, companies will need to investigate hacking incidents and data breaches at third-party service providers and even cloud vendors in order to meet the 96-hour deadline.

Although exceptions have had to be included presumably for the regulation to pass, this is an important development that may even see an increase in listings to international stock markets.

Click here to read the full article

This post originally appeared on



Bad Privacy Blog by Claudiu Popa

Fīat jūstitia, ruat cælum. Personal musings on data protection fails, snafus & oddities, written & edited by Claudiu Popa; author, educator, booknerd.