September 5 marked the effective date of the mandate for publicly traded companies to notify the US SEC of a cyberattack within four days of a material cybersecurity incident. December 15 is when companies are required to notify investors.
Under the new rule, registrants must disclose material cybersecurity incidents they experience,