Public companies in the United States, including listed crypto firms, will be required to disclose any major cybersecurity incidents within a four-day time limit under new rules adopted by the United States securities regulator.
The rules from the United States Securities and Exchange Commission require any public company to disclose a cyberattack within four days of it being deemed “material,” except in cases where such disclosure is deemed a possible national security or public safety risk.
Today we adopted rules to ensure that investors receive consistent information from public companies about material cybersecurity incidents as well as companies' cybersecurity risk management, strategy, and governance.
The rules have been adopted as of July 26, and will become effective 30 days following the publication of the adopting release in the Federal Register, according tthe SEC.
It will also require periodic reporting about a registrant’s policies and procedures to identify and manage cybersecurity risks and give periodic updates about previously reported cybersecurity incidents.
The incoming rules are intended to benefit investors by strengthening cybersecurity risk management measures, according to the SEC's July 26 statement.
“Through helping to ensure that companies disclose material cybersecurity information, today’s rules will benefit investors, companies, and the markets connecting them,” explained SEC Chair Gary Gensler.
The new rules will apply to any publicly listed company in the United States. In the crypto industry, publicly listed crypto firms include Coinbase (COIN), Marathon Digital (MARA), Riot Blockchain (RIOT) and Hive Digital Technologies (HIVE).
The SEC explained that an increase in digital payments and
Read more on cointelegraph.com