The Securities and Exchange Commission (SEC) has mandated that publicly traded corporations, including cryptocurrency enterprises, submit yearly reports on their “cybersecurity risk management, strategy, and governance.”
In order to foster more trust between investors and public firms, the new rule mandates corporations to disclose any “material” cybersecurity issues within four working days.
Companies must outline the impact of the cyberattack on their business, as well as provide a report documenting the occurrence and its date.
It is unclear how businesses would assess whether security breaches may have a financial consequence.
The new requirement will take effect 30 to 180 days after the revised financial release is published in the Federal Register.
