SEC Aims to Avoid Cyber Disclosure Rule 'Compliance Burdens'
The U.S. Securities and Exchange Commission (SEC) has announced that smaller companies will have extra time to comply with a new cyber incident reporting rule. The rule requires public companies to report material cyber incidents within four days of determining their impact. The SEC aims to provide investors with useful information about cybersecurity risks. The rule comes into effect on December 18, but smaller companies have an additional 180 days to comply. The SEC also stated that the rule includes exceptions for cases where public disclosure could pose significant risks to public safety or national security.