New cybersecurity reporting requirements for publicly traded companies are expected to be enacted in the spring of 2023, with proposed rules from the US Securities and Exchange Commission (SEC) looking for more information and transparency from those hit with security incidents.
Under the proposal, the SEC would implement three new rules that public companies will need to follow:
- A requirement that companies report any cybersecurity event within four business days of determining that it was a material incident.
