Business leaders have been reluctant to openly discuss the cybersecurity risks and failures of their organizations, but many no longer have a choice. New Security and Exchange Commission (SEC) rules, which took effect December 18, now require public companies to disclose their cybersecurity risk-management strategies and to report any material incidents within four days.
Source: SC Magazine