Jessica Lyons Hardcastle reports:
Public companies that suffer a computer crime likely to cause a “material” hit to an investor will soon face a four-day time limit to disclose the incident, according to rules approved today by the US Securities and Exchange Commission.
The SEC proposed the changes last March, and on Wednesday the financial watchdog voted to adopt the requirements [PDF]. The rules, which take effect 30 days after being signed into the Federal Register later this year, will require publicly traded firms to openly disclose in a new section (Item 1.05) of Form 8-K any cybersecurity incident that has a material impact on their business.
Read more at The Register.