On 26 July, the Securities and Exchange Commission (SEC) accepted rules that required several public companies in the United States to make related disclosure of their cybersecurity incidents material, information on cybersecurity risk management, strategy, and governance.
Since the number of digital payments and operations is increasing, to avoid criminals monetizing cybersecurity incidents, new rules are to be adopted on cybersecurity disclosure. Any public company will soon be required to disclose a cyberattack within four days unless such disclosure is considered a possible national security or public safety risk. These rules will become effective 30 days after the publication in the Federal Register of their adoption.
“Through helping to ensure that companies disclose material cybersecurity information, today’s rules will benefit investors, companies, and the markets connecting them,” said SEC Chair Gary Gensler.
Any publicly traded company in the United States is included in the rules. In the crypto industry, several crypto companies include Coinbase (COIN), Marathon Digital (MARA), Riot Blockchain (RIOT), and Hive Digital Technologies (HIVE).
