Under the SEC’s new cybersecurity rules, public companies must report any material incident (defined as an incident that a reasonable investor would likely consider important) within four business days of becoming aware of it. Companies must also now file a report if a series of previously undisclosed incidents share a common factor that points to a material cybersecurity issue, such as incidents with a common attack source or mechanism.

Source: Help Net Security