The Securities and Exchange Commission wants corporate America to tell investors more about cybersecurity breaches and what's being done to fight them.
The SEC has voted 3-2 to adopt new rules on cybersecurity disclosure.
It will require public companies to disclose "material" cybersecurity breaches within 4 days after a determination that an incident was material.
Corporate America is pushing back, claiming that the short announcement period is unreasonable, and that it would require public disclosure that could harm corporations and be exploited by cybercriminals.
Current cybersecurity rules are fuzzyCurrent rules on when a company needs to report a cybersecurity event are fuzzy.
Persons:
Gary Gensler, Hope, cybersecurity, CISA, SIFMA, Gensler, Jensen
Organizations:
Securities, Exchange Commission, SEC, Corporate America, Federal Register, prudential, Securities Industry, Financial Markets Association, Industry, NYSE Group, Nasdaq, FBI, Infrastructure Security Agency, Department of Homeland Security, Williams
Locations:
America