WASHINGTON (AP) — The Securities and Exchange Commission has adopted rules to require public companies to disclose within four days all cybersecurity breaches that could affect their bottom lines.
Delays will be permitted if immediate disclosure poses serious national security or public safety risks.
The new rules, passed by a 3-2 vote on Wednesday, also require publicly traded companies to annually disclose information on their cybersecurity risk management and executive expertise in the field.