The U.S. Securities and Exchange Commission (SEC) adopted new rules on Wednesday that will require companies to report incidents related to cybersecurity breaches within four days—a requirement that faces opposition from industry groups.
The new regulations require companies to disclose cybersecurity incidents through Form 8-K, which are publicly available documents that inform shareholders about major changes made at the company. Cybersecurity incidents have to be reported within four business days after being discovered.
