By Douglas Gillison
(Reuters) -Wall Street's top regulator on Wednesday adopted new rules requiring publicly traded companies to disclose hacking incidents, a measure officials said was to help the investing public contend with the mounting cost and frequency of cyber attacks.
The five-member U.S. Securities and Exchange Commission was also set to issue a proposal governing potential conflicts of interest in broker-dealers' use of artificial intelligence, a reform partly influenced by the events of the 2021 «meme stock» rally when officials found robo-advisers and brokers used AI and game-like features to drive trading.
The new cybersecurity rule will require companies to disclose a cyber breach within four days after determining it is serious enough to be material to investors. The rule would allow delays if the Justice Department deems them necessary to protect national security or police investigations, according to the SEC.
Companies will also have to describe periodically what efforts they are making to identify and manage threats in cyberspace. The rule, first proposed in March of 2022, forms part of a broader SEC effort to harden the financial system against data theft, systems failure and cyber-intrusions.
Republican Commissioners dissented, saying the new rule was unnecessary given already existing requirements, unduly burdensome on companies and could offer hackers a roadmap to their targets’ vulnerabilities and the size of ransom to be demanded.
Ahead of the vote, SEC officials said that in response to public comments they had trimmed certain parts of the proposal, removing a requirement for companies to disclose board members' expertise in cybersecurity and narrowing the definition of what information must be
Read more on investing.com