Author: Brayden Lindrea, CoinTelegraph; Translated by Song Xue, Golden Finance

U.S. public companies, including listed cryptocurrency firms, will be required to disclose any major cybersecurity incidents within four days under new rules adopted by the U.S. securities regulator.

SEC rules require any public company to disclose a cyberattack deemed “significant” within four days of it happening, except in cases where it is deemed likely to endanger national security or public safety.

The SEC said the rules were adopted on July 26 and will take effect 30 days after the publication of an implementing notice in the Federal Register.

It also requires periodic reporting on the registrant’s policies and procedures for identifying and managing cybersecurity risks and periodic updates on previously reported cybersecurity incidents.

According to a July 26 SEC statement, the upcoming rules are intended to benefit investors by strengthening cybersecurity risk management measures.

SEC fact sheet explaining upcoming cybersecurity disclosure rules. Source: SEC.

“By helping to ensure companies disclose important cybersecurity information, today’s rules will benefit investors, companies, and the markets that connect them,” explained SEC Chairman Gary Gensler.

The new rules will apply to any publicly traded company in the U.S. In the crypto industry, publicly traded crypto companies include Coinbase (COIN), Marathon Digital (MARA), Riot Blockchain (RIOT), and Hive Digital Technologies (HIVE).

The SEC explained that the increase in digital payments and the digitization of the workforce, combined with the ability of criminals to profit from cybersecurity incidents, makes the new rules necessary to protect investors.