SEC adopts rule requiring cyber incident disclosures within four days

By Kyle Brasseur2023-07-26T16:30:00

The Securities and Exchange Commission (SEC) on Wednesday finalized its controversial rule requiring public companies to disclose the nature, scope, timing, and impact of cybersecurity incidents deemed to be material within four business days.

The rule, proposed in March 2022, has received significant attention in the past year for the relatively short timeline it provides businesses to grasp the extent of a cybersecurity incident such as a data breach. Also short will be its compliance date, as large companies as soon as December could be required to begin making the new disclosures.

Smaller reporting companies will receive an additional 180 days to comply.

THIS IS MEMBERS-ONLY CONTENT

JOIN NOW

You are not logged in and do not have access to members-only content.

If you are already a registered user or a member, SIGN IN now.

News Brief
DOJ sets expectations for SEC cyber incident disclosure delays

2023-12-13T18:04:00Z By Kyle Brasseur

Companies won’t have an easy path toward earning additional time from the Department of Justice regarding the disclosure of a material cybersecurity incident to the Securities and Exchange Commission as required under a new rule.
News Brief
Blackbaud settles with states for $49.5M over 2020 data breach

2023-10-16T21:16:00Z By Jeff Dale

Software company Blackbaud agreed to pay $49.5 million in a multistate settlement addressing charges related to a 2020 cyberattack that exposed the personal data of approximately 13,000 consumers.
Premium
Covington mulling appeal of ruling in SEC breached client case

2023-08-04T18:01:00Z By Adrianne Appel

Covington & Burling is leaving open the possibility of appealing a recent federal court order requiring the law firm to provide the names of hacked clients to the Securities and Exchange Commission.

More from Regulatory Policy

News Brief
Hospitals, health IT face HHS crackdown for blocking electronic records

2025-09-05T18:42:00Z By Adrianne Appel

The Department of Health and Human Services is stepping up its enforcement against hospitals and other health entities that block the sharing of electronic health records.
Article
Digital wallets should speed up compliance, but companies must focus on trust and security

2025-09-04T18:49:00Z By Ruth Prickett

The EU has one, the U.K. is getting one, many U.S. states are working with Google and Apple to provide one, and now industry sectors are developing their own digital wallet.
News Brief
FinCEN again delays U.S. ban on three Mexican financial institutions

2025-08-28T20:40:00Z By Aaron Nicodemus

The order barring three Mexican financial institutions from doing business with U.S. financial institutions has been delayed until October.

SEC adopts rule requiring cyber incident disclosures within four days

THIS IS MEMBERS-ONLY CONTENT

Related articles

DOJ sets expectations for SEC cyber incident disclosure delays

Blackbaud settles with states for $49.5M over 2020 data breach

Covington mulling appeal of ruling in SEC breached client case

More from Regulatory Policy

Hospitals, health IT face HHS crackdown for blocking electronic records

Digital wallets should speed up compliance, but companies must focus on trust and security

FinCEN again delays U.S. ban on three Mexican financial institutions