Companies Must Disclose Security Breaches Within Four Days Under New Rule

New rules are intended to increase transparency and encourage firms to increase cyber security protections.

The US Securities and Exchange Commission (SEC) has this week announced a new rule that requires public companies to disclose any security breaches within four days. 

The time limit is specifically set for any breaches that could affect a company’s bottom line. However, delays will be permitted for anything that poses a threat to public safety or national security.

In an effort to protect investors, the new rules also require publicly traded companies to share information on their cybersecurity risk management and any cybersecurity expertise their executives hold.

This change follows the recent news that data breaches are on track to set a new record in 2023, with the number of victims increasing by 153% in the first half of this year alone.

SEC Acknowledges The “Growing Risk” Of Data Breaches

These new rules aim to provide transparency into the “growing risk” of data breaches and will hopefully push companies to bolster their cyber defenses. 

Until now, no federal breach disclosure law existed. Only healthcare providers and some critical infrastructure operators have been required by law to report breaches.

The SEC highlighted that whether a company “loses a factory in a fire or millions of files in a cybersecurity incident” it will impact investors.

The rule states that the four-day window of reporting doesn’t officially start until the company has confirmed the breach as material. However, the US Attorney General stated that the delay could be extended beyond 60 days under extraordinary circumstances, such as “a substantial risk to national security or public safety”.

Could This Rule Actually Help Hackers?

The rule was first proposed back in March 2022, when the SEC found that a rise in corporate network breaches and cybersecurity incidents caused an increased cost to investors. This was largely put down to the rise in digital operations and remote working.

Tenable CEO Amit Yoran, a leading figure in cybersecurity, praised the new rule in a statement:

“For a long time, the largest and most powerful US companies have treated cybersecurity as a nice-to-have, not a must have. Now it’s abundantly clear that corporate leaders must elevate cybersecurity within their organizations.” 

The new requirement hasn’t been met with total positivity or confidence everywhere, however. Concerned that hackers could benefit from information on how companies manage their cyber risk, Republican commissioner Hester Peirce stated that the rule overstepped the SEC’s authority and “seems designed to better meet the needs of would-be hackers”.

Peirce's statement went on to say that the temptation for the SEC to “micromanage” company operations is likely to increase following this latest requirement.

Companies Pay $4.5m To Deal With Breaches

The new SEC rule includes third-party apps and acknowledges the increased reliance companies have on outside cloud services for data and storage. The rise in costs that companies face when dealing with cybersecurity incidents has been attributed in part to these.

In a new report by IBM Security, researchers found that companies pay on average $4.5m to deal with breaches. This is a 15% increase over the past three years. And it’s not the businesses footing the bill for this, with many of those costs being passed on to consumers.

In fact, it seems as though consumers get hit the hardest should a breach happen, with the number of cybersecurity victims increasing from 62m to 157m in the first half of this year alone. This could include anything from having their social media account hacked into to their bank information being compromised.

As well as a decreased risk for investors, it’s hoped that fewer consumers will be hit by incidents if the SEC’s ruling works as expected.

Written by:
Ellis Di Cataldo (MA) has over 9 years experience writing about, and for, some of the world’s biggest tech companies. She's been the lead writer across digital campaigns, always-on content and worldwide product launches, for global brands including Sony, Electrolux, Byrd, The Open University and Barclaycard. Her particular areas of interest are business trends, startup stories and product news.