As of this morning, public companies operating in the U.S. now have 4 (four) days to disclose “material” cybersecurity incidents and data breaches.

The U.S. Securities and Exchange Commission cybersecurity rules describe a material incident as a matter “to which there is a substantial likelihood that a reasonable investor would attach importance” in an investment decision.

What Does it Mean for a Data Breach to be Material 2

Critically, companies will need to investigate hacking incidents and data breaches at third-party service providers and even cloud vendors in order to meet the 96-hour deadline.

Although exceptions have had to be included presumably for the regulation to pass, this is an important development that may even see an increase in listings to international stock markets.

What Does it Mean for a Data Breach to be Material?
Click image to read the full article.