September 5 marked the effective date of the mandate for publicly traded companies to notify the US SEC of a cyberattack within four days of a material cybersecurity incident. December 15 is when companies are required to notify investors.
Under the new rule, registrants must disclose material cybersecurity incidents they experience,
Free Trial
Register for free to keep reading.
To continue reading this article and unlock full access to GRIP, register now. You’ll enjoy free access to all content until our subscription service launches in early 2026.
- Unlimited access to industry insights
- Stay on top of key rules and regulatory changes with our Rules Navigator
- Ad-free experience with no distractions
- Regular podcasts from trusted external experts
- Fresh compliance and regulatory content every day
